REVISION 1

of the 

Department of Defense OVERPRINT to the 

National Industrial Security Program Operating Manual Supplement 

FOREWORD

In January 1998, the Deputy Under Secretary of Defense for Policy Support dispatched 
the first Department of Defense (DoD) Overprint to the National Industrial Security
Program Operating Manual Supplement (NISPOMSUP). The initial Overprint provided 
additional guidance unique to the DoD Special Access Community, and a framework of 
security options that affected all Special Access Program (SAP) protection levels. 

This complete re-issuance of the DoD Overprint supersedes the previous Overprint.
Within DoD, the re-issuance also removes the need to keep a separate Supplement, as the 
provisions of the supplement are reprinted in the Overprint. 

The provisions of the NISPOMSUP and the new Overprint continue to apply to all DoD 
agencies, organizations, and contractors participating in the administration or 
performance of DoD SAPs. It also applies to other Government organizations that, by 
agreement, operate DoD SAPs. 

The Overprint text, shown in bold Arial font, provides guidance or information that 
clarifies a requirement unique to the DoD community. If doubt exists concerning a 
specific provision of the Overprint, contractors should consult the Program Security 
Officer (PSO) to resolve the matter before taking action or expending program-related 
funds. 

This new Overprint implements a significant change over the previous edition. The two 
“tables of options” have been changed to “tables of requirements.” The DoD SAP 
community can no longer invoke these standards as options. Instead, they are seen as 
clear-cut requirements and must be met or appropriately waived. 

To facilitate reciprocity, the vast majority of DoD requirements within this Overprint are 
levied against all three SAP protection levels: Waived, Acknowledged, and 
Unacknowledged. However, four NISPOMSUP requirements do not affect all three
protection levels (see Table 1). These DoD requirements may be waived and the
procedures are cited in subsequent paragraphs.

The security guidance contained in Chapter 8, Automated Information Systems (AIS), 
was developed in 1994. As such, it has not kept pace with technological advances for 
information systems and needs to be updated. Although progress is being made, final 
security guidance remains unpublished. Until DoD publishes SAP AIS security 
guidance, organizations responsible for management of DoD SAPs are authorized to 
continue adherence with Chapter 8 standards, may elect to comply with the provisions of 
Director of Central Intelligence Directive (DCID) 6/3, or may comply with Chapter 8 
guidance as supplemented by their Component. 

On occasion, it may be necessary to decrease or lessen the requirement in the Overprint 
by waivering “down” the standard. Such action can only be approved by the appropriate 
SAP Central Office or designated flag-level official. Waivers “down” must be registered 
with the organization's SAP central office during the time the waiver is in force. The
Director, DoD SAP Coordination Office (SAPCO) must be notified in writing of the 
exact content of the waiver. 

Waivers “up” to increase or expand individual SAP protective measures must be 
approved by the DoD SAPCO. In an emergency, a flag-level official may authorize a 
waiver “up”. All waivers, to include those temporarily imposed, will be reported to the 
SAP Oversight Committee (SAPOC). 

Applying “commensurate protective measures” to a particular SAP means that equivalent 
protections are being used rather than following the exact wording of the Overprint. The 
use of commensurate protective measures is a risk-management decision, which is 
delegated to Component-level security professionals in the grade of GS-14 or above, or 
military equivalent. 

Adherence to the standards set forth in this DoD Overprint will ensure compliance with 
national-level policy, and allow for general and specific reciprocity among and between 
SAPs of the same sensitivity level. 



Carol A. Haave 

Deputy Under Secretary of Defense 
for Counterintelligence and Security 




NISPOM Supplement (NISPOMSUP) Overprint 
A key to understanding the Overprint 



There are a number of different fonts and typefaces used within the NISPOMSUP Overprint. This page 
provides a key to understanding the Overprint. If you are not thoroughly familiar with the style and 
layout of the Overprint, please study the example provided below prior to proceeding. NOTE: As you 
read the Overprint, remember that since the NISPOMSUP was coordinated and approved as an 
interagency document, all language in the original NISPOMSUP remains unchanged. Also, all 
provisions of the original NISPOM (baseline) that are not supplemented remain as valid requirements. 







This example is clipped from a page of the 
NISPOMSUP Overprint. It illustrates the 
use of the various fonts and type faces to 
promote understanding of the requirements 
in the Overprint. The example also aids in 
identifying the origin of the specific 
requirement. 



5-201. Accountability. Accountability of
classified SAP material shall be determined and
approved in writing by the CSA or designee at the
time the SAP is approved. A separate
accountability control system may be required for
each SAP.

WAIVED - ✓

UNACKNOWLEDGED - ✓



a. The following types of classified 
information requires accountability 
(personal signature or other 
identifiers). This material will be 
entered into a document 
accountability system whenever it is 




The use of black Times New Roman 
font indicates that this text came 
directly from the NISPOMSUP. The 
bold italics indicate that all SAPs 
must comply with the requirement in 
the text. The standard Times New 
Roman text following the bold italics 
is also verbatim from the 
NISPOMSUP. 



This text block indicates to which
level of SAP the NISPOMSUP
requirement applies. This block will
not appear when the requirement
applies to all 3 SAP levels.



The use of bold Arial font 
represents Overprint text added to 
the NISPOM Supplement to 
promote understanding and further 
explain the requirement. 



On the following page is a table listing each DoD requirement, where the standard is found in the
NISPOMSUP Overprint, and the SAP protection level to which the individual requirement applies.
Table 1

Table 1 lists the DoD requirements that are unique and applicable to Waived and
Unacknowledged SAPs.

| NISPOMSUP | OVERPRINT PAGE NO. | TITLE | REMARKS | SAP Levels |
|---|---|---|---|---|
| 1-204 | 1-2-4 | Two Person Integrity (TPI) | Two Person Integrity with PSO approval | W |
| 1-206.c. | 1-2-5 | Prime Contractor Representative | Prime contractor may be present and participate in subcontractor reviews | W,U |
| 2-100.a. | 2-1-1 | Facility Clearance - CSA | Program Executive Agent may carve-in or carve-out CSA | W,U |
| 2-100.c. | 2-1-1 | Contract Association with CSA | Association may be restricted and classified | W,U |

Table 2

Table 2 lists the DoD requirements that are applicable to ALL DoD SAPs, regardless of
assigned protection level.

| NISPOMSUP | OVERPRINT PAGE NO. | TITLE | REMARKS |
|---|---|---|---|
| 1-201 | 1-2-2 | Standard Operating Procedures (SOP) | Prepare a comprehensive program SOP |
| 1-202 | 1-2-3 | Badging | PSO approved badging system for program areas |
| 1-206.e. | 1-2-5 | Contractor Reviews | Government prescribed contractor review intervals |
| 1-206.f. | 1-2-5 | Team Reviews | Reviews by more than one PSO with consent of Government and contractor |
| 1-300.e. | 1-3-1 | Foreign Travel | PSO may require reporting of all travel outside the U.S.; supplemental report may be required. |
| 2-201.b. | 2-2-1 | Program Access Requirements | PSO may authorize access if PR is outside the 5 year scope |
| 2-201.d. | 2-2-2 | Access Criteria and Evaluation Process | PSQ completion and access evaluation may be required at the activity |
| 2-202.a. | 2-2-4 | Supplemental Measures and Polygraph | Polygraph may be required for access or interim access pending PR completion |
| 2-205 | 2-2-5 | Agent of the Government | Government may designate a contractor nominated as an Agent of the Government |
| 3-101.b. | 3-1-2 | Security Training | Professional AIS training may be required of all contractor ISSRs |
| 3-103 | 3-1-4 | Refresher Briefings | PSO may require a record be kept of briefings |
| 4-202 | 4-2-2 | Engineer's Notebooks | PSO may impose additional requirements |
| 5-201 | 5-2-1 | Accountability | A separate control system may be required for each SAP |
| 5-202 | 5-2-2 | Annual Inventory | May be required for classified SAP material with a written report of discrepancies |
| 5-203 | 5-2-2 | Collateral Material | May be transferred in or out of a SAP |
| 5-403 | 5-4-2 | Secure Facsimile and/or Electronic Transmission | May be used for SAP as approved by PSO; may require receipting |
| 5-404 | 5-4-2 | U.S. Postal Mailing | Mailing channels may be established as approved by the PSO |
| 5-600 | 5-6-1 | Reproduction | Equipment may require PSO approval; written procedures may be required; PSO approval may be required for TS |
| 5-700 | 5-7-1 | Disposition | CPSOs may be required to inventory, dispose of, request retention, or return for disposition all SAP-related material |
| 5-701 | 5-7-1 | Retention | Contractor may be required to submit a retention request to the CO via the PSO. |
| 5-702 | 5-7-1 | Destruction | Two Person Destruction of classified may be required; non-accountable waste may be destroyed by a single person |
| 5-800 | 5-8-1 | Special Access Program Facility | Contractor may be required to establish approved SAPF prior to commencing work |
| 5-801.f. | 5-8-1 | SAPF Physical Security | Unique physical security requirements may be established on a case-by-case basis |
| 5-802.a. | 5-8-2 | SAPF Physical Security Standards | DCID 1/21-like standards may be required for a SAPF |
| 5-802.b. | 5-8-2 | SAPF Physical Security Standards | NISPOM closed area standards may be applied with DCID 1/21-like STC standards |
| 5-802.c. | 5-8-2 | SAPF Physical Security Standards | PSO may approve baseline construction as additional option for some areas |
| 5-803 | 5-8-2 | SAP Secure Working Areas | PSO may approve any area with options for providing sound protection |
| 5-804 | 5-8-2 | Temporary SAPF | PSO may accredit a temporary SAPF |
| 5-806.c | 5-8-3 | Technical Surveillance Countermeasures survey | TSCM may be required for a reinstatement of previously accredited SAPF |
| 5-807 | 5-8-3 | Prohibited Items | Magnetic media entering or leaving SAPF may require PSO approval |
| 6-106 | 6-1-2 | Visitor Record | Separate program visitor record may be required; retention may be required |
| 7-102 | 7-1-2 | Security Agreements | Requirements for subcontracting security requirements agreements |
| 11-301 | 11-3-1 | Independent Research and Development document retention | Contractor may be allowed to retain classified material; sanitization may be required |
| 11-400 | 11-4-1 | Operations Security | Employing OPSEC cover techniques may be required |
| 11-500 | 11-5-1 | Counterintelligence Support | Analysis of foreign intelligence threats and risks to programs |
| 11-501 | 11-5-1 | Countermeasures | Security countermeasures for SAPs may be required |
| 11-700 | 11-7-1 | Close-out of a SAP | Contractor may be required to submit a termination plan |
| 11-701 | 11-7-1 | SAP Secure Communications | Secure communications network and/or data network linking may be used |
| DCIDs 1-100 | 1-1-1 | DCID-like Standards | Director of Central Intelligence Directives (DCID) may be imposed for SCI within a DoD SAP |
| DCIDs 1-101 | 1-1-2 | DCID-like standards | DCID-like standards may be applied to a DoD SAP only with SAPOC approval |
Chapter 1

General Provisions and Requirements 



Section 1. Introduction 



1-100. Purpose. 

a. This Supplement provides special security 
measures to ensure the integrity of SAPs, Critical 
SECRET Restricted Data (SRD), and TOP SECRET 
Restricted Data (TSRD) and imposes controls 
supplemental to security measures prescribed in the 
NISPOM for classified contracts. Supplemental 
measures fall under the cognizance of the DoD, DCI, 
DOE, NRC or other Cognizant Security Agency 
(CSA) as appropriate. See page 1-1-4 (now 1-1-5) 
for Figure 1, SAP Government and Contractor 
Relationships. Additionally, specific contract 
provisions pertaining to these measures applicable to 
associated unacknowledged activities will be 
separately provided. Any Department, Agency, or 
other organizational structure amplifying instructions 
will be inserted immediately following the applicable 
security options selected from the NISPOMSUP. 

This will facilitate providing a contractor with a 
supplement that is overprinted with the options 
selected. 



b. Security Options. This Supplement contains 
security options from which specific security 
measures may be selected for individual programs. 
The options selected shall be specifically addressed 
in the Program Security Guide (PSG) and/or 
identified in the Contract. The PSG shall be endorsed 
by the CSA or his/her designee, establishing the 
program, although, as a rule, the DCIDs set the
upper limits. In some cases, security or sensitive 
factors may require security measures that exceed 
DCID standards. In such cases, the higher standards 
shall be listed separately and specifically endorsed by 
the CSA creating the program and may be reflected 
as an overprint to this Supplement. 

NOTE: Within DoD, the requirements 
for DoD Waived, Unacknowledged, 
and Acknowledged SAPs are 
specified throughout this document. 



The material appearing in bold Arial 
font is DoD implementing language 
for SAPs. It does not apply to 
sensitive compartmented 
information, which is governed by 
DCIDs. Policy established within the 
DCIDs applies to SCI information 
within a DoD SAP. 

1-101. Scope. 

a. The policy and guidance 
contained herein and imposed by 
contract is binding upon all persons 
who are granted access to SAP 
information. Acceptance of the 
contract security measures is a 
prerequisite to any negotiations 
leading to Program participation and 
accreditation of a Special Access 
Program Facility (SAPF). 

1. This document will be applicable to 
the following SAP activities: all 
Government offices participating in 
DoD SAPs, SAPs for which a DoD 
organization is the Executive Agent, 
and all contractor locations 
performing work on DoD SAPs or 
SAPs for which the DoD is the 
Executive Agent. This document is 
applicable to SAP activities located 
within the United States, its Trust 
Territories and Possessions, and at 
overseas locations. 

2. At Government locations, the 
Government Program Manager
(GPM), or equivalent Senior
Government Manager, may fulfill the 
role of the GPM and Contractor 
Program Manager (CPM) (this applies 
to government employees 
conducting the work) as specified in 
this document. The terminology 
“activity security officer” and 
Contractor Program Security Officer 
(CPSO) shall be applied to the 
responsible security officer or 
manager at a Government location. 

3. Certain Government and 
contractor locations supporting 
multiple SAPs may be assigned a 
single, cognizant PSO or Security 
Representative. This single, 
cognizant PSO shall be responsible 
for the implementation of policy 
contained in this document. This 
responsibility shall include area 
approval, approval of Standard 
Operating Procedures, Automated 
Information System Security Plans 
(AISSP), approval of individuals 
selected as Information System 
Security Representatives (ISSR), and 
overseeing ISSR activities specified 
in Chapter 8 of this document. 

4. The provisions of the NISPOMSUP 
Overprint apply equally to all DoD 
government agencies, organizations, 
and contractors who are 
administering, managing, securing, 
or participating in DoD SAPs. 

Except for government or contractor 
specific responsibilities, or as may 
be delineated in an MOU, PSG, or 
equivalent document, the terms PSO, 
CPSO, and activity security officer 
may be used interchangeably within 
this document to ensure equal 
applicability of these provisions to
both government and contractor SAP
participants.

Government or contractor 
participants should direct any 
questions or issues concerning the 
provisions of this document 
requiring resolution to the 
government official assigned 
responsibility for program security. 

b. The following is restated from the baseline for 
clarity. If a contractor determines that 
implementation of any provision of this Supplement 
is more costly than provisions imposed under 
previous U.S. Government policies, standards, or 
requirements, the contractor shall notify the CSA. 
Contractors shall, however, implement any such 
provision within three years from the date of this 
Supplement, unless a written exception is granted
by the CSA.

The 3-year window for
contractors no longer applies.

c. The DCIDs apply to all SCI and DCI programs 
and any other SAP that selects them as the program 
security measures. 

DCID standards will be applied to 
DoD SAPs only with SAPOC 
approval. 

1-102. Agency Agreement SAP Program 
Areas. The Government Agency establishing a SAP 
will designate a Program Executive Agent for the 
administration, security, execution, and control of the 
SAP. The Program Security Officer (PSO) will be
responsible for security of the program and all 
program areas. 

1-103. Security Cognizance. Those heads of 
Agencies authorized under E.O. 12356 or successor 
order to create SAPs may enter into agreements with 
the Secretary of Defense that establish the terms of
the Secretary of Defense's responsibilities for the 
SAP. When a Department or Agency of the 
Executive Branch retains cognizant security 
responsibilities for its SAP, the provisions of this 
Supplement will apply. 

1-104. Supplement Interpretations. All
contractor requests for interpretation of this
Supplement will be forwarded to the PSO. Within
DoD, the PSO will submit all
unresolved policy interpretations to
the cognizant Central Office for
review and any action deemed
appropriate.

1-105. Supplement Changes. Users of this
Supplement are encouraged to submit recommended
changes and comments through their PSO in
concurrence with the baseline. Within DoD, the
PSO will forward all change
proposals through the Component
SAP Central Office. The Component
SAP Central Office will then forward
the proposals to the DoD SAP Central
Office for coordination within OSD
and final determination.

1-106. Waivers and Exceptions. The purpose
of having a waiver and exception policy is to ensure
that deviations from established SAP criteria are 
systematically and uniformly identified to the 
Government Program Manager (GPM). Every effort 
will be made to avoid waivers to established SAP 
policies and procedures unless they are in the best 
interest of the Government. In those cases where 
waivers are required, a request will be submitted to 
the PSO. As appropriate, the PSO, and if necessary 
the GPM (if a different individual) will assess the 
request for waiver and provide written approval. If 
deemed necessary, other security measures which 
address the specific vulnerability may be 
implemented. 



Submit the completed SAP Format 12 
to the PSO, who will process the 
waiver in accordance with the 
Foreword to this document. 

Use SAP Format 12 to submit waiver 
requests to these and other security 
directives for SAPs. Security Officers 
at all levels shall maintain a file of 
approved waivers. Attach maps, 
photos, or drawings to waiver 
requests when necessary. 
Subcontractors submit SAP Format 
12 through their prime contractor, 
who will annotate the REVIEWING 
OFFICIAL block. The requester 
ensures adequate compensatory 
measures are taken for each waiver. 

1-107. Special Access Programs 
Categories and Types. 

a. There are four generic categories of SAPs: (1)
Acquisition SAP (AQ-SAP); (2) Intelligence SAP
(IN-SAP); (3) Operations and Support SAP (OS-SAP);
and (4) SCI Programs (SCI-SAP) or other
DCI programs which protect intelligence sources and
methods.

Within the DoD there are three 
categories of DoD SAPs: (1) 
Acquisition; (2) Intelligence; and (3) 
Operations and Support. 

b. There are two types of SAPs, Acknowledged and 
Unacknowledged. An Acknowledged SAP is a 
program which may be openly recognized or 
known; however, specifics are classified within 
that SAP. The existence of an Unacknowledged 
SAP or an unacknowledged portion of an 
Acknowledged program, will not be made 
known to any person not authorized for this 
information. 
Within DoD, three levels of SAP
protection apply. The three levels 
are: 

1. Waived SAP 

2. Unacknowledged SAP 

3. Acknowledged SAP 

These SAP levels are further 
explained in DoD Directive 5205.7 
and DoD Instruction 5205.11. 
[Figure 1: SAP Government/Contractor Relationships (diagram not reproduced)]

* ISSR may work for the CPSO, or work as a peer to the CPSO for AIS purposes, depending on Program Requirements.

Note: Within the DoD Components, different reporting relationships between the
PM and PSO may exist.











Section 2. General Requirements 



1-200. Responsibilities. A SAP Contractor 
Program Manager (CPM) and Contractor Program
Security Officer (CPSO) will be designated by the 
contractor. These individuals are the primary focal 
points at the contractor facility who execute the 
contract. They are responsible for all Program 
matters. The initial nomination or appointment of 
the CPSO and any subsequent changes will be 
provided to the PSO in writing (RFP). For the 
purposes of SAPs, the following responsibilities are 
assigned: 

Unless circumstances (size and 
involvement) dictate otherwise, each 
organization associated with a SAP 
must designate one or more Security 
Officers, who are trained and 
resourced to perform the duties 
indicated in Paragraph B below, and 
who are responsible for 
implementing program security 
policies within the activity. Security 
Officers must have the position, 
responsibility, and authority 
commensurate with the degree of 
security support required for that 
organization. The PSO must approve 
or reject the appointment of all 
CPSOs. 

a. The CPM is (sometimes the same as, or in addition
to a Contract Project Manager) the contractor
employee responsible for:

1. Overall Program management. 

2. Execution of the statement of work, contract, task 
orders and all other contractual obligations. 

b. The CPSO oversees compliance with SAP 
security requirements. The CPSO will: 



1. Possess a personnel clearance and Program
access at least equal to the highest level of Program
classified information involved.

2. Provide security administration and management
for his/her organization.

3. Ensure personnel processed for access to a SAP 
meet the prerequisite personnel clearance and/or 
investigative requirements specified. 

4. Ensure adequate secure storage and work spaces. 

5. Ensure strict adherence to the provisions of the 
NISPOM, its Supplement, and this Overprint.

6. When required, establish and oversee a classified 
material control program for each SAP. 

7. When required, conduct an annual inventory of 
accountable classified material. 

8. When required, establish a SAPF. 

9. Establish and oversee visitor control program. 

10. Monitor reproduction and/or duplication and 
destruction capability of SAP information. 

11. Ensure adherence to special communications 
capabilities within the SAPF. 

12. Provide for initial Program indoctrination of 
employees after their access is approved; rebrief and 
debrief personnel as required. 

13. Establish and oversee specialized procedures for 
the transmission of SAP material to and from 
Program elements. 

14. When required, ensure contractual specific
security requirements such as TEMPEST,
Automated Information System (AIS), and
Operations Security (OPSEC) are accomplished.

Note: Within DoD TEMPEST is known
as EMSEC.

15. Establish security training and briefings 
specifically tailored to the unique requirements of 
the SAP. 



c. The PSO provides day to day 
security management for the 
Program. The Component SAP 
Central Office provides overall SAP 
policy guidance. 

1-201. Standard Operating Procedures
(SOP). The CPSO may be required to prepare a 
comprehensive SOP to implement the security 
policies and requirements for each SAP. When 
required, SOPs will address and reflect the 
contractor's method of implementing the PSG. 
Forward proposed SOPs to the PSO for approval. 
SOPs may be a single plan or series of individual 
documents each addressing a security function. 
Changes to the SOP will be made in a timely fashion, 
and reported to the PSO as they occur. 

a. SOPs are similar to Standard 
Practice Procedures (SPPs) formerly 
required prior to the National 
Industrial Security Program (NISP). 
Prepare SOPs only if revision of the 
current SPP is required to implement 
new guidance contained in this or 
program-specific security 
directives/guidance. Only procedural 
changes must be approved by the 
PSO. 



b. Refrain from including repetitious, 
word-for-word verbiage from any 
other security directives. Instead, 
address the local and “nuts-and-bolts”
implementation of applicable
security directives (including the
NISPOM, NISPOMSUP, and this
document). Care should be taken to
avoid imposing requirements that
would increase program costs. The
following subjects, as applicable,
should be considered for inclusion:

• Secure communications device 
instructions. 

• Annual self-reviews. 

• Handling classified material
(marking, storing, access, working
papers, distribution, mailing,
hand-carrying, etc.).

• Reproduction. 

• Destruction. 

• Top Secret control procedures (if 
applicable). 

• Safe or vault custodian duties and 
end-of-day security checks. 

• Emergency protection. 

• Entry and exit reviews and 
briefcase and parcel searches. 

• Security incidents. 

• Document control (e.g., 
accountability of SAP classified 
material) and audit procedures. 

• Subcontracting, handling of 
vendors and consultants. 

• Personnel selection and program 
access procedures. 

• Security organization and 
management. 

• Operations security (OPSEC). 

• Security education. 

• Unique security procedures. 

c. Prepare and forward SOPs for 
specific program activities (i.e., test,
transportation, and handling) to the 
PSO at least 30 days in advance of 
the planned activity. When the 
activity occurs frequently or 
throughout the contract, develop 
generic or “boiler plate” plans and 
omit dates and other specifics. 
Submit dates and plans under 
separate cover. 

d. Automated Information Systems 
(AIS). Prepare and maintain a 
computer SOP to implement the 
security policies contained in either 
Chapter 8, DCID 6/3, or Component 
supplemental guidance. Do not 
necessarily write a specific SOP for 
each system. Instead, write a generic 
SOP and prepare attachments 
showing unique details for each 
specific system using SAP Format 
16. 



e. Contractors are not required to 
prepare an SOP for pre-solicitation 
activity (PSA), a Program Research 
and Development Announcement 
(PRDA), Request for Information 
(RFI), or Request for Proposal (RFP) 
when there is no contractual 
relationship established for that 
effort. Classification guidance and 
special security rules reflected on the 
DD Form 254 and in the PSG suffice 
for a SOP. If a formal contract is not 
executed, one of the following three 
actions (or combination of the three 
actions) will be taken: 

• The material will be returned to the 
Government. 

• The material will be destroyed and
the Government notified. In the case
of TS, a copy of the destruction
certificate will be provided to the
Government.

• Documentation can be retained by 
the contractor if approved by the 
PSO/PCO. If information is retained, 
written procedures which establish 
protective measures will be in place. 

f. Subcontractors are not required to 
prepare SOPs when all work by that 
subcontractor is performed at a 
prime contractor facility. Storage 
normally is not authorized at the 
subcontractor location under these 
circumstances. Keep program access 
records and other program 
documentation at the prime 
contractor facility. 

g. Fabrication. Fabrication of 
program-related classified hardware 
or models may require a specific 
security plan. Consult the PSO to 
determine when security plans are 
required. 

1-202. Badging. Contractors performing on
Programs where all individuals cannot be personally
identified, may be required to implement a
PSO-approved badging system.

The best form of entry control is 
personal introduction and 
identification. Use this procedure to 
the maximum extent. Use a badge 
system unless the program area is 
small enough (normally less than 25 
people) to permit total personal 
identification and access level 
determination. 

When a badging system is 
considered necessary, the security 
officer will document the badge
approach in the SOP, addressing 
topics such as badge accountability, 
storage, inventory, disposition, 
destruction, format and use (i.e. 
magnetic stripes, photographs, 
biometrics, and so on). 

If card readers are used in
conjunction with badges and a
means exists to lock out lost, unused,
and relinquished badges, the PSO
may negate the requirements stated
above for badge inventory,
accountability and destruction.

1-203. Communications Security 
(COMSEC). Classified SAP information will be 
electronically transmitted only by approved secure 
communications channels authorized by the PSO. 

See paragraph 5-403. 

1-204. * Two-Person Integrity (TPI) 
Requirement. The TPI rule may be required and 
exercised only with the Program CSA approval. This 
requirement does not apply to those situations where 
one employee with access is left alone for brief 
periods of time, nor dictate that those employees will 
be in view of one another. 

WAIVED - ✓
UNACKNOWLEDGED - 

1-205. Contractors Questioning Perceived 
Excessive Security Requirements. All personnel are 
highly encouraged to identify excessive security 
measures that they believe have no added value or are 
cost excessive and should report this information to 
their industry contracting officer for subsequent 
reporting through contracting channels to the
appropriate GPM/PSO. The GPM/PSO will respond 
through appropriate channels to the contractor 
questioning the security requirements. 

When required, disputes between a 
Command/Contractor and the PSO, 
concerning perceived security
requirements that are considered to
be excessive, will be forwarded to the 
Cognizant Security Agency (CSA) for 
resolution. Requirements unresolved 
at the CSA level will be forwarded to 
the Component-level SAPCO for 
consideration and decision. 

1-206. Security Reviews. 

a. General. The frequency of Industrial Security 
Reviews (e.g., Reviews, evaluations, and security
surveys) is determined by the NISPOM and will be 
conducted by personnel designated by the CSA. 

b. Joint Efforts. In certain cases, an individual 
Program may be a joint effort of more than one 
component of the U.S. Government or more than one 
element of the same component. In such a case, one 
element will, by memorandum of agreement, take the 
lead as the CSA and may have security review 
responsibility for the Program facility. In order to 
ensure the most uniform and efficient application of 
security criteria, review activities at contractor 
facilities will be consolidated to the greatest extent 
possible. 

Individual SAPs managed by a joint 
organization (one or more 
components of the Government or 
more than one element of the same 
component) will identify one 
organization having security review 
responsibility for each SAPF. 

c. Prime Contractor Representative. A security 
representative from the prime contractor may be 
present and participate during reviews of 
subcontractors, but cannot be the individual 
appointed by the CSA to conduct security reviews 
specified in paragraph 1-206a.

WAIVED - V 

UNACKNOWLEDGED - V

Contractor personnel will not serve
as review team chiefs, assign ratings, 
conduct in/out briefings, or be 
responsible for completing the 
security review report. 

d. Review Reciprocity. In order to ensure the most 
uniform and efficient application of security reviews, 
review reciprocity at contractor facilities will be 
considered whenever possible. 

e. Contractor Reviews. When applicable, the U.S. 
Government may prescribe the intervals that the 
contractor will review their systems.

Contractors will conduct self-reviews 
annually, using the "Security Review 
Checklist" found in Appendix J. 
Contractor’s self-review reports will 
be submitted to the PSO when 
requested. Unless the contractor’s 
review reveals a significant security 
weakness or potential compromise 
condition, reports of self-reviews 
need not be submitted to the PSO. 
Review checklists will be retained in 
accordance with guidance found in 
Appendix G. 

f. Team Reviews. Team Reviews may be conducted 
by more than one PSO based on mutual consent and 
cooperation of both the Government and the 
contractor. 

1-208. (Baseline). Government and 
industry fraud, waste, and abuse 
(FWA) reporting is encouraged 
through channels designated by the 
PSO. Do not use other advertised 
FWA hotlines when program or SAP 
information (also refers to Special 
Access Required (SAR) information) 
may be revealed. Therefore, normal 
FWA reporting channels (e.g.,
DoD-advertised FWA hotline) must not be
used for SAPs and associated SAR
marked information. 



a. When requested, confidentiality 
may be granted. Individuals may be 
assured that they can report FWA 
instances without fear of reprisal or 
unauthorized release of their identity. 

b. The PSO will provide the name 
and telephone number for the current 
FWA manager or monitor and a 
poster reflecting this information. 

c. Disclosures received by SAP 
channels that are deemed 
inappropriate (e.g., Inspector General 
(IG) complaints, grievances, 
suggestions, discrimination 
complaints), will not be accepted. 
Instead, the individual making the 
disclosure will be referred to the 
appropriate agency or reporting 
system. Assistance will be provided 
to ensure that adequate program 
security is maintained for these 
referrals.

Section 3. Reporting Requirement



1-300. General. All reports required by the 
NISPOM will be made through the PSO. In those 
instances where the report affects the baseline facility 
clearance or the incident is of a personnel security 
clearance nature, the report will also be provided to 
the Facility CSA. In those rare instances where 
classified program information must be included in 
the report, the report will be provided only to the 
PSO, who will sanitize the report and provide the 
information to the CSA, if appropriate. 

a. Adverse Information. Contractors will report to 
the PSO any information which may adversely 
reflect on the Program-briefed employee's ability to 
properly safeguard classified Program information. 

b. SAP Non-Disclosure Agreement (NDA). A 
report will be submitted to the PSO on an employee 
who refuses to sign a SAP NDA. 

If an NDA is not signed, access will 
not be granted. 

c. Change in Employee Status. A written report of 
all changes in the personal status of SAP 
indoctrinated personnel will be provided to the PSO. 
In addition to those changes identified in NISPOM 
subparagraph 1-302c, include censure or probation
arising from an adverse personnel action, and
revocation, suspension, or downgrading of a security
clearance or Program access for reasons other than 
security administration purposes. 

d. Employees Desiring Not to Perform on SAP 
Classified Work. A report will be made to the PSO 
upon notification by an accessed employee or an 
employee for whom access has been requested that 
they no longer wish to perform on the SAP. Pending
further instructions from the PSO, the report will be
destroyed in 30 days.



e. *Foreign Travel. The PSO may require reports of 
all travel outside the continental United States, 
Hawaii, Alaska and the U.S. possessions (i.e., Puerto 
Rico) except same-day travel to border areas (i.e., 
Canada, Mexico) for Program-accessed personnel. 
Such travel is to be reported to the CPSO, and 
retained for the life of the Contract/Program [travel]. 
Travel by Program-briefed individuals into or 
through countries determined by the CSA as high- 
risk areas, should not be undertaken without prior 
notification. A supplement to the report outlining the 
type and extent of contact with foreign nationals, and 
any attempts to solicit information or establish a 
continuing relationship by a foreign national may be 
required upon completion of travel. 



Report all Program accessed 
personnel foreign travel to the PSO 
30 days in advance and upon
completion (use SAP Format 6). 
Provide foreign travel briefings as 
required by paragraph 3-107 and 
debriefings in accordance with this 
paragraph and section 4 of SAP 
Format 6. A record of all Program 
accessed personnel foreign travel 
will be retained in official Program 
files. CPSOs will: 

• Review all proposed foreign travel 
itineraries of Program accessed 
personnel. 

• Notify the PSO before Program 
accessed personnel travel to any 
country, with special emphasis on 
travel to countries identified on 
the National Security Threat List. 

• Ensure that Program accessed 
personnel traveling outside the 
continental U.S., Hawaii, Alaska, 
and the U.S. possessions (i.e.
Puerto Rico) except same-day
travel to border areas (i.e. Canada 
or Mexico) are given a foreign 
travel briefing in accordance with 
paragraph 3-107. 

• Upon completion of foreign travel, 
debrief the Program accessed 
traveler within 30 days,
completing section 4 of SAP 
Format 6. 

• In coordination with the PSO, 
follow-up on security-related 
issues developed as a result of 
foreign travel. 

f. Arms Control Treaty Visits. The GPM and PSO 
will be notified in advance of any Arms Control 
Treaty Visits. Such reports permit the GPM and PSO 
to assess potential impact on the SAP activity and 
effectively provide guidance and assistance. 

g. Litigation. Litigation or public proceedings 
which may involve a SAP will be reported. These 
include legal proceedings and/or administrative 
actions in which the prime contractor, subcontractors, 
or Government organizations and their Program- 
briefed individuals are a named party. The CPSO will 
report to the PSO any litigation actions that may 
pertain to the SAP, to include the physical 
environments, facilities or personnel or as otherwise 
directed by the GPM. 

1-301. Security Violations and Improper 
Handling of Classified Information.

Requirements of the NISPOM baseline pertaining to 
security violations are applicable, except that all
communications will be appropriately made through 
Program Security Channels within 24 hours of 
discovery to the PSO. The PSO must promptly 
advise the Facility CSA in all instances where 
national security concerns would impact on collateral 
security programs or clearances of individuals under 
the cognizance of the Facility CSA.

The PSO shall notify and report 
security violations to the GPM. 

a. Security Violations and Infractions. 



1. Security Violation. A security violation is any 
incident that involves the loss, compromise, or 
suspected compromise of classified information. 
Security violations will be immediately reported 
within 24 hours to the PSO. For DoD this applies to 
component level SAP Central Office as appropriate. 

Security Violation. (1) Any knowing, 
willful, or negligent action that could 
reasonably be expected to result in 
an unauthorized disclosure of 
classified information; (2) any 
knowing, willful, or negligent action 
to classify or continue the 
classification of information contrary 
to the requirements of E.O. 12958 or
its implementing directives; or (3) 
any knowing, willful, or negligent 
action to create or continue a SAP 
contrary to the requirements of E.O. 
12958. 

2. Security Infraction. A security infraction is any 
other incident that is not in the best interest of 
security that does not involve the loss, compromise, 
or suspected compromise of classified information. 
Security infractions will be documented and made 
available for review by the PSO during visits. 

b. Inadvertent Disclosure. An inadvertent 
disclosure is the involuntary unauthorized access to 
classified SAP information by an individual without 
SAP access authorization. Personnel determined to 
have had unauthorized or inadvertent access to 
classified SAP information (1) should be interviewed 
to determine the extent of the exposure, and (2) may
be requested to complete an Inadvertent Disclosure
Form. (See SAP Format 5)

1. If during emergency response situations, guard
personnel or local emergency authorities (e.g., police, 
medical, fire, etc.) inadvertently gain access to 
Program material, they should be interviewed to 
determine the extent of the exposure. If 
circumstances warrant, a preliminary inquiry will be 
conducted. When in doubt, contact the PSO for
advice.

2. Refusal to sign an inadvertent disclosure oath 
will be reported by the CPSO to the PSO. 

3. Contractors shall report all unauthorized 
disclosures involving RD or Formerly Restricted 
Data (FRD) to Department of Energy (DOE) or 
Nuclear Regulatory Commission (NRC) through their 
CSA. 



1-302. (Baseline). Social Contact
Reporting (other than foreign). Report
social contact when:

• The individual is questioned
regarding the specifics of his or her
job, organization, mission, etc.

• Questioning is persistent regarding
social obligations, family situations,
etc.

• Frequent or continuing contact is
anticipated (e.g., pen pals, ham
operators, Internet).

• Any unusual incident with a citizen
or other entity of any country.

1-303. Reporting Foreign Contacts.

Foreign contacts meeting the
following criteria must be reported to
the CPSOs. The CPSO provides the
information to the PSO. Report any of
the following:

• Contact with personnel from foreign
diplomatic establishments.

• Recurring contact with a non-US
citizen when financial ties are
established or involved.

• A request by anyone for illegal or
unauthorized access to classified or
controlled information.

• Contact with an individual
(regardless of nationality) under
circumstances that suggest the
employee concerned may be the
target of an attempted exploitation by
the intelligence services of another
country.

Chapter 2
Security Clearances 

Section 1. Facility Clearances 



2-100. General. Contractors will possess a 
Facility Security Clearance to receive, generate, use, 
and store classified information that is protected in 
SAPs. 

a. If a facility clearance has already been granted, the 
SAP Program Executive Agent may carve in the 
Facility CSA. The agreement entered into by the 
Secretary of Defense (SECDEF) with the other CSAs 
will determine the terms of responsibility for the 
Facility CSA with regard to SAP programs. Due to 
the sensitivity of some SAPs, the program shall be 
carved out by the Executive Agent designated by the 
CSA. 

WAIVED - V 

UNACKNOWLEDGED - V 

b. The CPSO shall notify the PSO of any activity 
which affects the Facility Security Clearance (FCL).

c. In certain instances, security and the sensitivity of 
the project may require the contract and the 
association of the contractor with the Program CSA 
be restricted and kept at a classified level. The 
existence of any unacknowledged effort, to include 
its SAPF, will not be released without prior approval 
of the PSO. 

WAIVED - V 

UNACKNOWLEDGED - V 

2-101. Co-utilization of SAPF. If multiple 
SAPs are located within a SAPF, a Memorandum of 
Agreement (MOA) shall be written between 
government program offices defining areas of 
authorities and responsibilities. The first SAP in an 
area shall be considered to be the senior program and 
therefore the CSA for the zone unless authority or 
responsibility is specifically delegated in the MOA.
The MOA shall be executed prior to the introduction
of the second SAP into the SAPF. 

An MOA or Co-utilization Agreement 
will satisfy this requirement. 
Co-utilization of SCI in a SAP should 
be referred to the SAP CSA for 
guidance. 

2-102. Access of Senior Management 
Officials. Only those Senior Management 
Officials requiring information pertaining to the 
SAP shall be processed for SAP access. 

2-103. Facility Clearances for 
Multifacility Organizations. 

All briefings and indoctrinations 
must be accomplished in a program 
accredited SAPF or other working 
facility (e.g., temporary SAPF as 
designated by the PSO). 

a. When cleared employees are located at uncleared 
locations, the CPSO may designate a cleared 
management official at the uncleared location who 
shall: 

1. Process classified visit requests, conduct initial or
recurring briefings for cleared employees, and 
provide written confirmation of the briefing to the 
CPSO. 

2. Implement the reporting requirements of the 
NISPOM and this Supplement for all cleared 
employees and furnish reports to the CPSO for 
further submittal to the CSA. 

3. Ensure compliance with all applicable measures of 
the NISPOM and this Supplement by all cleared
employees at that location.



b. If a cleared management official is not available at 
the uncleared location, the CPSO (or designee) shall 
conduct the required briefing during visits to the
uncleared location or during employee visits to the 
location or establish an alternative procedure with 
CSA approval.

Section 2. Personnel Clearances and Access



2-200. General. This section establishes the 
requirements for the selection, processing, briefing, 
and debriefing of contractor personnel for SAPs. 

Access to SAP information is neither 
a right nor an entitlement; it is a 
wholly discretionary security 
determination granted only to those 
individuals who meet stringent 
background and security standards. 
Program Security Guides will list 
approved access approval 
authorities. See the limitation in 
paragraph 2-201d.

When approved by the PSO, a 
transfer in status may occur, 
providing the transfer is to a location 
where the security procedures do not 
differ unless approved by the PSO 
and there is a valid need to know. The 
gaining program manager and PSO 
will determine the transferee’s need 
for access and will notify the losing 
PSO of the programs required. The 
losing PSO will validate access and 
forward all appropriate access 
documentation to the gaining 
location. Grant special access to no 
one merely by reason of federal 
service, contracting status, as a 
matter of right or privilege, or as a 
result of any particular title, rank, 
position, or affiliation. 

In accordance with E.O. 12968, it is a 
matter of national personnel security 
policy that reciprocity is required 
among DoD SAPs operating at the 
same sensitivity level (baseline; 
enhanced). Therefore, favorable SAP 
access eligibility determinations 
(based on like investigations with no 
adverse information and without 
exception) shall be accepted
mutually and reciprocally by all DoD
Components. An individual with an 
existing SAP access shall not be 
denied access eligibility to another 
SAP of the same sensitivity level as 
long as the individual has a need for 
access to the information involved 
and meets the requirements of this 
section. Reciprocity decisions among 
waived SAPs shall be separately 
considered actions; however, 
reasonable accommodation to 
reciprocity shall be afforded, if 
practicable. Waived SAPs shall be 
protected, at a minimum, at the 
enhanced sensitivity level. Refer to 
Enclosure 4 of DoD Instruction 
5205.11 for policy guidance on 
sensitivity levels and reciprocity of 
access. 

2-201. Program Accessing Requirements 
and Procedures. 

a. The individual will have a valid need-to-know 
(NTK) and will materially and directly contribute to 
the Program. 

b. The individual will possess a minimum of a 
current, final SECRET security clearance or meet the 
investigative criteria required for the level of access. 
If a person's periodic reinvestigation (PR) is outside 
the five-year scope the PSO may authorize access. 
However, the individual will be immediately 
processed for either a Single Scope Background 
Investigation (SSBI) or National Agency Check with 
Credit (NACC) as required by the level of clearance 
or as otherwise required by the contract. 

PSOs may accept the SSBI or a 
National Agency Check with Local 
Agencies Check and Credit (NACLC) 
of another Federal agency if current
within five years. When another
Federal agency conducts an 
individual’s Personnel Security 
Investigation (PSI), the adjudicative 
authority must review any 
disqualifying information, including, 
when available, access denial by 
another agency and the reasons 
therefore, before granting special 
access. 

If a person’s reinvestigation is 
outside the five-year scope, the 
individual must submit a periodic 
reinvestigation (PR) request through 
appropriate channels (using 
Standard Form 86/EPSQ) to the 
proper investigating agency. This PR 
request will prompt a Single Scope 
Background Investigation (SSBI) or 
National Agency Checks with Local 
Agency and Credit Checks (NACLC) 
as required by the level of clearance 
or as otherwise required by the 
Program. 

c. The contractor will nominate the individual and 
provide a description of the NTK justification. The 
CPM will concur with the nomination and verify 
Program contribution by signature on the Program 
Access Request (PAR). The CPSO will complete the 
PAR and review it for accuracy ensuring all 
required signatures are present. The CPSO signature 
verifies that the security clearance and investigative 
criteria are accurate, and that these criteria satisfy the 
requirements of the Program. Information regarding 
the PAR may be electronically submitted. While 
basic information shall remain the same, signatures 
may not be required. The receipt of the PAR package 
via a preapproved channel shall be considered 
sufficient authentication that the required approvals 
have been authenticated by the CPSO and contractor 
program manager. 

Use DD Form 2835, Program Access 
Request (SAP Format 1), to request
special access.

d. Access Criteria and Evaluation Process. In
order to eliminate those candidates who clearly will
not meet the scope for access and to complete the 
Personnel Security Questionnaire (PSQ), access 
evaluation may be required. In the absence of written 
instructions from the contracting activity, the 
evaluation process will conform to the following 
guidelines: 

1. Evaluation criteria will not be initiated at the
contractor level unless both the employee and 
contractor agree. 

2. Contractors will not perform access evaluation for 
other contractors. 

3. Access evaluation criteria will be specific and will 
not require any analysis or interpretation by the 
contractor. Access evaluation criteria will be 
provided by the government as required. 

4. Those candidates eliminated during this process 
will be advised that access processing has terminated. 

As part of the PAR processing 
procedure, the CPSO must check 
local record and file repositories, 
when available and accessible, 
before submitting a PAR. The query 
must reveal the existence of any local 
adverse information files concerning 
the nominee. 

e. Submit a Letter of Compelling Need or other 
documentation when requested by the PSO. 

f. Formats required for the processing of a SAP 
access fall into two categories: those required for the 
conduct of the investigation and review of the 
individual's eligibility; and those that explain or 
validate the individual’s NTK. These constitute the 
PAR package. The PAR package used for the access 
approval and NTK verification will contain the 
following: the PAR; and a recent (within 90 days)
PSQ reflecting pen and ink changes, if any, signed
and dated by the nominee. 

Within DoD, PSQs are considered 
current if no more than 1 year has 
passed since being signed by the 
individual (vice 90 days). However, 
PSQs must be updated if not current 
within one year. Individuals who need 
to update their PSQ may use 
Standard Form 86 Certification (SF 
86C) (SAP Format 31) to satisfy this 
requirement. Unless the employee 
has exercised the privacy option, 
CPSOs must review the employee’s 
SF 86 for accuracy and completeness 
unless the employee seals the 
information in an envelope. If 
applicable, the CPSO should forward 
the sealed envelope to the PSO. 

g. Once the PAR package has been completed, the 
CPSO will forward the candidate's nomination 
package to the PSO for review: 

1. The PSO will review the PAR package and 
determine access eligibility. 

2. Access approval or denial will be determined by 
the GPM and/or access approval authority. 

3. The PSO will notify the contractor of access 
approval or denial. 

4. Subcontractors may submit the PAR package to 
the prime. The prime will review and concur on the 
PAR and forward the PAR and the unopened PSQ 
package to the PSO. 

h. SCI access will follow guidelines established in 
DCID 1/14. 

(Note: DCID 6/4 superseded DCID
1/14).

SAP access will follow guidelines
established by the Security Policy
Board and published in DoD 5200.2R 
with the following clarifications: 

1. The individual’s immediate family 
or cohabitant(s), must also be U.S. 
citizens. An exception to this 
requirement may be granted when a 
compelling need exists. Submit 
letters of compelling need to the 
PSO. 

2. Anytime a candidate acquires 
immediate family members (to 
include spouse’s parents) or other 
persons to whom he or she is bound 
by affection or obligation and who 
are not U.S. citizens, he or she must 
report it to their security officer. SAP 
Format 20, Foreign Relative or 
Associate Interview, will be used to 
conduct an interview as determined 
by the PSO. 

3. For the purpose of SAP access 
eligibility determinations, marijuana 
or any other form of cannabis sativa 
is considered a “drug” (e.g., as 
described in DCID 6/4). 

4. Adjudication Authorities are 
established to uniformly apply the 
adjudication standards in this 
supplement and to ensure equitable 
and consistent access decisions that 
are neither capricious nor arbitrary 
and that conform to existing statutes 
and Executive Orders. 



i. Briefings 

1. Complete a DD Form 2836, Special 
Access Program Indoctrination 
Agreement for personnel being 
accessed. If a program requires a 
polygraph agreement, also complete
SAP Format 2a, Special Access
Program Indoctrination Agreement 
(Polygraph Supplement). 

2. Have the individual approved for 
access sign the nondisclosure (DD 
Form 2836) and prebriefing (SAP 
Format 2a if polygraph is authorized 
for the program) acknowledgment 
sections before briefing. Then, 
conduct the program or project 
briefing and have the individual sign 
the briefing acknowledgment portion 
of DD Form 2836. Prepare a new DD 
Form 2836 (and SAP Format 2a, if 
appropriate) each time an individual 
is briefed to a higher level or 
reindoctrinated after being debriefed. 

3. If the program or project requires a 
polygraph agreement, as approved 
by the OSD SAPOC, and the 
individual has previously signed a 
briefing statement reflecting that he 
or she was not subject to a random 
polygraph, the individual must sign a 
SAP Format 2a, or be exempted by 
the component SAP Central Office. 
This may be accomplished during 
annual refresher training (see 
paragraph 3-103). 

j. Periodic Reinvestigations (PRs). A 
current investigation is defined as an 
investigation not older than five 
years. 

1. For outdated PSIs, request a PR 
when initial access is involved. 

2. Do not place SAP points of contact 
(POCs), program names, or other 
program identifiers on the DD Form 
1879. Instead annotate these forms in 
accordance with PSO guidance. 



2-202. Supplementary Measures and 
Polygraph. 

a. Due to the sensitivity of a Program or criticality of 
information or emerging technology, a polygraph 
may be required. The polygraph examination will be 
conducted by a properly trained, certified U.S. 
Government Polygraph Specialist. If a PR is outside 
the 5-year investigative scope, a polygraph may be 
used as an interim basis to grant access until 
completion of the PR. 

Within DoD, if a PR is outside the 5- 
year investigative scope, a waiver 
may be approved by the DoD 
component SAPCO, or designee, 
following a tier review (adjudication) 
of an updated and submitted PSQ. 
DoD components may utilize
CI-scope polygraph examinations in
addition to submitting updated PSQs.
However, CI-scope polygraph
examinations shall not be used as 
the only basis for granting interim 
access. 



In all cases where the polygraph is 
used for SAP screening purposes, 
the OSD SAPCO will be notified as 
part of the annual review process. 

b. There are three categories of polygraph: 
Counterintelligence (CI), Full Scope (CI and life
style), and Special Issues Polygraph (SIP). The type 
of polygraph conducted will be determined by the 
CSA. 

2-203. Suspension and Revocation. All PSO
direction to contractors involving the suspension or
revocation of an employee's access will be provided 
in writing and if appropriate, through the contracting 
officer.

The contractor will inform all
accessing authorities and/or 
Adjudication/Program Offices 
whenever an employee’s access has 
been suspended or revoked. 

When time is of the essence, the 
ADJUDICATION Authorities and the 
PSOs are empowered to verbally 
suspend a person’s special access. 
Unless unusual conditions prevail, 
written confirmation of the verbal 
direction is provided to the 
contractor no later than the close of 
business on the next working day. 

Revocations and denial of access 
will be administered when an 
individual does not meet the 
standards for SAP access. All 
revocations and denials of access 
will be forwarded in writing to the 
individual concerned through the 
designated point of contact. 

See Executive Order 12968 for 
additional clarification regarding 
revocations and denial of access. 

2-204. Appeal Process. The CSA will establish 
an appeal process. 

Whenever possible, all accessed 
persons or candidates for access are 
guaranteed the opportunity to appeal 
decisions to deny or limit their 
special access. They may appeal to a 
higher authority. Denial, revocation, 
or limitation of a candidate’s SAP 
access is an access decision only 
and may not be the basis for further 
unfavorable administrative actions. 
Such a decision does not reflect on 
any other aspect of the candidate’s 
loyalty, trustworthiness, or reliability. 

The appropriate Adjudication
Authority notifies the employer’s
designated point of contact of a 
decision to deny, revoke, warn, or 
limit its employee’s special access. 

The Appeals Board/Authority makes 
SAP access determinations. On 
occasion, overriding national 
security interests will not allow full 
disclosure of pertinent information. 

2-205. Agent of the Government. The
Government may designate a contractor-nominated
employee as an Agent of the Government on a case- 
by-case basis. Applicable training and requirements 
will be provided by the Government to contractors 
designated as Agents of the Government. 

2-206. Access Roster or List. Current access 
rosters of Program briefed individuals are required 
at each contractor location. They should be properly 
protected and maintained in accordance with the 
PSG. The access roster should be continually 
reviewed and reconciled for any discrepancies. The 
data base or listing may contain the name of the 
individual, organization, position, billet number (if
applicable), level of access, social security number, 
military rank/grade or comparable civilian rating 
scheme, and security clearance information. Security 
personnel required for adequate security oversight 
will not count against the billet structure. 

Submit an updated access list to the 
Government Program Office 
semiannually. If there is no change, 
send a negative report. 

2-207. Consultants (Baseline). 

a. A consultant is an individual 
whose services are retained by a 
company to provide specialized, 
professional services to accomplish 
a specific task. Services are retained 
through a professional service 
agreement and/or statement of work 
between the individual and the 
sponsoring company. 

A consultant to a SAP activity must
have the appropriate personnel
security clearance on file with the 
sponsoring company and be 
approved for Program Access by the 
GPM and PSO. The transfer of a 
consultant’s security clearance will 
be requested by the sponsoring 
activity requiring the services. A 
copy of the Consultant Security 
Agreement which identifies the 
consultant’s security responsibility 
should be attached to the transfer 
request. The consultant will perform 
classified work at an approved SAPF 
in accordance with the sponsoring 
company’s DD Form 254. In addition, 
before the consultant can be 
considered to perform his or her 
specialized service, the company 
sponsoring the consultant must 
submit to the PSO, a copy of the 
Professional Service Agreement 
(PSA) and/or Statement of Work 
detailing what specific tasks he/she 
will be performing. Once consultant 
status is approved, the consultant’s 
Program Access Request package, 
which will also include an executed 
Consultant Security Agreement, can 
be adjudicated for access to the 
program. A Consultant Security 
Agreement can be obtained from the 
PSO. 

Upon access approval, the 
consultant will be escorted into the 
SAP area and given a thorough and 
in-depth security and technical 
briefing outlining the policies and 
procedures on how the SAPF 
operates in a Special Access 
environment. 

Any change in the consultant’s 
status (i.e., he/she is hired by the 
sponsoring entity to work in their 
organization or any other deviation to 
the existing professional services 
agreement which would negate 
his/her consultant status) must be 
reported immediately to the GPM and 
PSO. 

b. Temporary Help. Contact the PSO 
for further guidance. 

A Temporary Help Supplier, 
purchased/leased labor (hereafter 
referred to as “Purchased Labor”) 
may be necessary, as are 
Consultants, on a case-by-case basis 
to provide required services to a 
Contractor or Government activity 
performing on SAP contracts. In such 
cases, the “Purchased Labor” must 
have the appropriate Personnel 
Security Clearance on file (via their 
employer) with the sponsoring 
organization (Government activity or 
contractor performing on SAP 
contracts) and be approved for 
program access by the GPM/PSO. 

The sponsoring organization, before 
the “Purchased Labor” can be 
considered to perform his/her 
specialized service on SAPs, must 
submit to the PSO a copy of the 
Unclassified Contractual 
Agreement/Purchase Order and 
Statement of Work (SOW) detailing 
specific tasks the “Purchased Labor” 
will be performing for the sponsoring 
organization. The CPSO is required 
to submit the Program Access 
Request (PAR) package, including 
the SOW and a signed copy of the 
Contractual Agreement/Purchase 
Order, to the PSO for Program 
Access adjudication and 
determination. 

“Purchased Labor” may perform 
classified level work only in an 
approved SAPF as designated by the 
sponsoring organization. 

Administrative and Procedural issues 
relating to “Purchased Labor” should 
be referred to the PSO for further 
guidance and/or clarification. 

2-208. Congressional Access 
Requirements. Guidance on 
Congressional access to DoD SAPs 
is contained in DoD Instruction 
5205.11. Should a Member of 
Congress require SAP access, the 
Director, OSD SAPCO is to be 
provided prior notification by the DoD 
Components, through the appropriate 
OSD SAP Central Office, of any 
members of the congressional staff 
or Congress that may be provided 
access. All communications and 
information flow between the 
authorized Congressional Members 
and staff shall be coordinated 
through the OSD SAPCO. 

Legislative employees nominated for 
access first shall have been the 
subjects of a favorably-adjudicated 
background investigation conducted 
by a DoD-approved investigative 
agency as appropriate to the 
personnel security requirements of 
the particular SAP. The following are 
those who may be granted access: 

a) Members of Congress assigned to 
the defense committees (and to the 
intelligence committees for 
Intelligence SAPs) may be accessed 
to all DoD SAPs, except waived 
SAPs. Access to waived SAPs is 
restricted to the Chair and the 
Ranking Minority Member. 



b) Members of Congress not 
assigned to the defense committees 
(or to the intelligence committees for 
intelligence SAPs) may be granted 
access to non-waived DoD SAPs with 
the concurrence of the Department of 
Defense after consultation with the 
Chair and the Ranking Minority 
Member of the defense committees. 

c) Access to non-waived SAPs by 
professional staff members of the 
defense and intelligence committees 
may be granted with the concurrence 
of the Department of Defense after 
consultation with the Chair and the 
Ranking Minority Member of the 
defense committees. 

d) The personal staff of a Member of 
Congress shall not be granted 
access to DoD SAPs. 

Chapter 3 

Security Training and Briefings 
Section 1. Security Training and Briefings 



3-100. General. Every Special Access Program 
(SAP) will have a Security Training and Briefing 
Program. As a minimum, SAP-indoctrinated 
personnel will be provided the same or similar 
training and briefings as outlined in the baseline 
NISPOM. In addition, CPSOs responsible for SAPs 
at contractor facilities will establish a Security 
Education Program to meet any specific or unique 
requirements of individual special access programs. 
Topics which will be addressed, if appropriate to the 
facility or the SAP(s), include: 

The security education program 
applies to all program-accessed 
individuals. Tailor specific security 
education programs to the mission 
and function of the activity. Gear 
individual training to the current 
specific job. Table 1 summarizes 
training requirements. 

a. Security requirements unique to SAPs; 

b. Protection of classified relationships; 

c. Operations Security (OPSEC); 

d. Use of nicknames and code words; 

e. Use of special transmission methods; 

f. Special test-range security procedures; 

g. Procedures for Unacknowledged SAP security. 

An Unacknowledged SAP will require additional 
security training and briefings, beyond that required 
in the baseline. Additional requirements will be 
specified in the Contract Security Classification 
Specification and will address steps necessary to 
protect sensitive relationships, locations, and 
activities. 



h. Specific procedures to report fraud, waste, and 
abuse. 

i. Computer security education that is to include 
operational procedures, threats, and vulnerabilities. 

When oral attestations are required 
they will be specified by contract 
provisions (DFARs 252.204-7005) or 
memorandum. 

Ensure that all persons who are 
responsible for and access 
computers are aware of proper 
operational and security-related 
procedures. Conduct computer 
security refresher training at least 
annually (along with, or separately 
from, other refresher training 
[paragraph 3-103]). 

j. Writing unclassified personnel appraisals and 
reviews. 

k. Third-Party Introductions. The purpose of the 
Third-Party Introduction is to provide a clearance 
and/or access verification to other cleared personnel. 
The introduction is accomplished by a briefed third 
party, who has knowledge of both individuals' 
accesses. 

The CPSO or other security 
education manager provides 
overall management and direction for 
security education programs. The 
PSO exercises responsibility for 
individual SAP programs. Appointed 
Security Officers at all levels 
supervise security education, 
determine specific training 
requirements, and provide assistance 
and guidance as required. 
Supervisors ensure completion of 
required training. The Program 
Director and other management 
officials are responsible to implement 
a security education program and 
emphasize their support by individual 
example. 



Table 1. Training Requirements 

                |              | Documentation              | Remarks 
Indoctrination  | One Time     | DD Form 2836/SAP Format 2a | Gear Toward Job Involved 
                |              | Any Method                 | Use Any Method 
Refresher       | Annual       | Format 17/Data Base        | Mandatory Subjects 
Foreign Travel  | [illegible]  | SAP Format 17              | Mandatory Subjects 
Termination     | One Time     | DD Form 2836/SAP Format 2a | Mandatory Subjects 


(NOTE: other types of training are addressed on a case by case basis.) 



3-101. Security Training. The CPSO will 
ensure that the following security training measures 
are implemented: 

a. Initial Program Security Indoctrination. Every 
individual accessed to a SAP will be given an initial 
indoctrination. The briefing will clearly identify the 
information to be protected, the reasons why this 
information requires protection, and the need to 
execute a NDA. The individual will be properly 
briefed concerning the security requirements for the 
Program, understand their particular security 
responsibilities, and will sign a NDA. This 
indoctrination is in addition to any other briefing 
required for access to collateral classified or company 
proprietary information. It will be the responsibility 
of the PSO to provide to the contractor information as 
to what will be included in the initial indoctrination 
to include fraud, waste, and abuse reporting 
procedures. 

b. Professionalized AIS training may be required of 
all contractor Information Systems Security 
Representatives (ISSRs) to ensure that these 
individuals have the appropriate skills to perform 
their job functions in a competent and cost-effective 
manner. This training will be made available by the 
CSA. The training should consist of, but not be 
limited to, the following criteria: 

1. Working knowledge of all applicable and national 
CSA regulations and policies including those 
contained in this supplement; 

2. Use of common Information Security (INFOSEC) 
practices and technologies; 

3. AIS certification testing procedures; 

4. Use of a risk management methodology; 

5. Use of configuration management methodology. 

Industrial security education and 
training materials are frequently 
developed and issued by the Defense 
Security Service (DSS), defense 
contractors, and other Government 
agencies. Such materials are 
available by purchase, on loan, or 
free of charge. All Security Officers 
are encouraged to obtain, tailor, and 
use these materials to enhance their 
security education program. A word 
of caution: Before use, closely review 
these materials and ensure that they 
do not contain guidance that 
contradicts established SAP 
procedures. Additionally, use of 
these materials by themselves does 
not fully satisfy SAP security 
education requirements (SAP 
security education programs must 
include program-unique and SAP 
items). 

The PSO may distribute SAP-related 
materials through each CPSO. 
Materials include the Security Action 
Report, posters, FWA items, and 
counterintelligence items of interest. 
Retain these materials within 
approved SAPFs. 

Ensure that each individual to be 
program accessed understands his 
or her obligations and 
responsibilities for security. Include a 
combination of written and verbal 
briefings. Use excerpts from the 
espionage laws and explain the 
agreement and laws to each 
individual. Include actions persons 
may take to defeat Foreign 
Intelligence Service (FIS) efforts. 



If appropriate, design a separate 
briefing for each level of access, 
compartment, and project. Include 
local procedures as well as items 
from the specific PSD document. If 
appropriate, cover the potential 
requirement for a polygraph 
examination and state that such 
examination is limited to 
counterintelligence and 
counterespionage questions. Brief 
each individual based on function 
and specific to the role and function 
the individual will be accessed. Do 
not solely use the “read-and-sign” 
method to satisfy this training 
requirement. 

3-102. Unacknowledged Special Access 
Programs (SAP). Unacknowledged SAPs require 
a significantly greater degree of protection than 
Acknowledged SAPs. Special emphasis should be 
placed on: 

a. Why the SAP is Unacknowledged; 

b. Classification of the SAP; 

c. Approved communications system; 

d. Approved transmission systems; 

e. Visit procedures; 

f. Specific program guidance. 

3-103. Refresher Briefings. Every accessed 
individual will receive an annual refresher briefing 
from the CPSO to include the following, as a 
minimum: 

a. Review of Program-unique security directives or 
guidance; 

b. Review of those elements contained in the original 
NDA. 

NOTE. The PSO may require a record to be 
maintained of this training. 

This refresher training replaces what 
used to be called reindoctrination 
training. The name change was made 
to emphasize that the purpose of this 
training is to present new and 
applicable training rather than a 
re-accomplishment of the indoctrination 
briefing. There is no need to re-sign 
the initial briefing statement (DD 
Form 2836) once it has been initially 
authenticated. This training should 
be conducted on a face-to-face basis 
and must include all non-full-time 
employees regardless of their work 
location. Refresher training may be 
conducted throughout the calendar 
year or accomplished at one session. 
If approved by the PSO or higher 
authority, (1) individuals accessed to 
multiple SAPs need only attend one 
generic briefing or training session, 
and/or (2) similar training conducted 
by security personnel from other 
agencies or departments may also 
satisfy refresher training. Specific 
program unique refresher briefings 
will be provided on a case-by-case 
basis as significant events occur. 

Topics to cover include: 

• Foreign intelligence techniques and 
threat reporting (information that 
must be reported to the PSO). 

• Discussing program information 
over unsecured telephones and use 
of STU III/STEs. Ensure that 
personnel are briefed on the use of 
STU III/STEs before use and annually 
thereafter. As a minimum, discuss 
the protection of information 
transmitted, specific STU III/STE 
security requirements, STU III/STE 
security incident identification, and 
reporting requirements. Pay 
particular attention to, and expand 
the training for, personnel who 
operate fax machines connected to 
STU III/STEs. 



• Information concerning actual or 
potential terrorism, terrorist groups, 
espionage, or sabotage of any U.S. 
facility, activity, person, or resource. 

• Adverse effects to national security 
resulting from unauthorized 
disclosure. 



• Derivative classification and 
marking requirements. 

• Adverse reporting (Continuing 
Evaluation of Personnel Program). 

• Reporting FWA (through SAP 
channels). 

• Program vulnerabilities, program 
threat, and OPSEC. 

• Computer security (applicable for 
computer users only), to include 
computer operating procedures, 
audit trails, logs, forms, receipts, 
media protection, use of system, 
copyright laws, and licensing 
agreements. 

• Common security deficiencies 
discovered during recent security 
self-reviews; usually, self-reviews or 
other security reviews identify 
security weaknesses and are an 
excellent tool to identify additional 
training needs. 

• Other security education topics 
such as document control, 
TEMPEST, reproduction, etc., may be 
included in refresher training. 



Personal Status Changes. During 
refresher training, give personnel the 
opportunity to report any previously 
unreported personal status changes. 
Optionally, require persons to review 
their SF Form 86, update as 
necessary, and authenticate its 
currency in block 18 on the original 
form. 

NOTE: Pursuant to the training matrix 
on page 3-1-2, document all security 
education training and file the 
documentation in the individual’s folder. 
Use DD Form 2836/SAP Format 2A to 
document briefings and debriefings. 
Use SAP Format 17 to record 
refresher or foreign travel training. If 
multiple SAPs are involved, a 
centralized record system may be 
used. A computer database to reflect 
training conducted may be 
substituted for filing training records 
in individual folders. 

3-104. Debriefing and/or Access 
Termination. Persons briefed to SAPs will be 
debriefed by the CPSO or his designee. The 
debriefing will include as a minimum a reminder of 
each individual's responsibilities according to the 
NDA which states that the individual has no 
Program or Program-related material in his/her 
possession, and that he/she understands his/her 
responsibilities regarding the disclosure of classified 
Program information. 

Design a formal debriefing program 
which appropriately addresses the 
following: 

• How to obtain a release before 
publishing. 

• What can and cannot be discussed 
or placed in resumes and 
applications for security clearances. 

• Turning in all holdings. 

• Applicability of, and penalties for, 
engaging in espionage. 

• Who (the POC) to report suspected 
FIS contacts or any attempt by 
unauthorized persons to solicit 
program data. The priority (top to 
bottom) for reporting this information 
is as follows: 



• Servicing SAP Security Officer. 

• CPSO or member of CPSO’s 
organization. 

• Nearest FBI office. 

(NOTE: Contact the PSO/CPSO 
before discussing classified or 
program information with the FBI). 

• Ensure that appropriate espionage 
laws and codes are available (as an 
optional handout) and provide the 
same on request. 

a. Debriefings should be conducted in a SAPF, 
Sensitive Compartmented Information Facility 
(SCIF), or other secure area when possible, or as 
authorized by the PSO. 

b. Procedures for debriefing will be arranged to 
allow each individual the opportunity to ask 
questions and receive substantive answers from the 
debriefer. 

c. Debriefing Acknowledgments will be used and 
executed at the time of the debriefing and include 
the following: 

1. Remind the individual of his/her continuing 
obligations agreed to in the SAP NDA. 

2. Remind the individual that the NDA is a legal 
contract between the individual and the U.S. 
Government. 

3. Advise that all classified information to include 
Program information is now and forever the 
property of the U.S. Government. 

4. Remind the individual of the penalties for 
espionage and unauthorized disclosure as contained 
in Titles 18 and 50 of the U.S. Code. The briefer 
should have these documents available for handout 
upon request. Require the individual to sign and 
agree that questions about the NDA have been 
answered and that Titles 18 and 50 (U.S. Codes) 
were made available and understood. 

5. Remind the individual of his/her obligation not to 
discuss, publish, or otherwise reveal information 
about the Program. The appearance of Program 
information in the public domain does not 
constitute a de facto release from the continuing 
secrecy agreement. 

6. Advise that any future questions or concerns 
regarding the Program (e.g., solicitations for 
information, approval to publish material based on 
Program knowledge and/or experience) will be 
directed to the CPSO. The individual will be 
provided a telephone number for the CPSO or PSO. 

7. Advise that each provision of the agreement is 
severable (i.e., if one provision is declared 
unenforceable, all others remain in force). 

8. Emphasize that even though an individual signs a 
Debriefing Acknowledgment Statement, he/she is 
never released from the original NDA/secrecy 
agreement unless specifically notified in writing. 

d. Verify the return of any and all SAP classified 
material and unclassified Program-sensitive material 
and identify all security containers to which the 
individual had access. 

e. When debriefed for cause, include a brief 
statement as to the reason for termination of access 
and notify the PSO. In addition the CPSO will notify 
all agencies holding interest in that person's 
clearance/accesses. 

Because the CPSO may not be aware 
of all programs an individual is 
accessed to, the PSO will notify 
service counterparts known to have 
activity at a particular location. The 
PSO will ensure that the adjudication 
authority is notified as well when 
such notification is required. 

f. The debriefer will advise persons who refuse to 
sign a debriefing acknowledgment that such refusal 
could affect future access to special access programs 
and/or continued clearance eligibility. It could be 
cause for administrative sanctions and it will be 
reported to the appropriate Government Clearance 
Agency. 

If an individual refuses to execute a 
debriefing form, administer an oral 
debriefing in the presence of a 
witness and annotate the debriefing 
form: "ORAL DEBRIEFING 
CONDUCTED; INDIVIDUAL REFUSED 
TO SIGN." The briefer and witness 
sign beneath the statement attesting 
to this action. Immediately report this 
fact to the PSO. The PSO will contact 
other organizations as required. 

g. Provide a point of contact for debriefed 
employees to report any incident in the future which 
might affect the security of the Program. 

3-105. Administrative Debriefings. Efforts 
to have all Program-briefed personnel sign a 
Debriefing Acknowledgment Statement may prove 
difficult. If attempts to locate an individual either by 
telephone or mail are not successful, the CPSO 
should prepare a Debriefing Acknowledgment 
Statement reflecting the individual was 
administratively debriefed. The Debriefing 
Acknowledgment Statement will be forwarded to the 
PSO. The CPSO will check to ensure that no 
Program material is charged out to, or in the 
possession of these persons. 

If the whereabouts of the individual 
cannot be determined in 30 days, 
administratively debrief the individual 
by completing a debriefing form, 
annotating the form with, INDIVIDUAL 
NOT AVAILABLE; 
ADMINISTRATIVELY DEBRIEFED. 

The SO (Security Officer) signs the 
debriefing form and attaches a 
narrative explanation. 

3-106. Recognition and Award Program. 

Recognition and award programs could be 
established to single out those employees making 
significant contributions to Program contractor 
security. If used, CPSOs will review award write-ups 
to ensure recommendations do not contain classified 
information. 



3-107. Foreign Travel. Training is 
provided to all accessed personnel 
annually or before travel, whichever 
is earlier. Include both general and 
country-specific information and 
threat advisories, when appropriate. 
See paragraph 1-300e for additional 
information on reporting foreign 
travel and contacts. 



a. Recommended Topics. Depending 
on destination include: 



• Foreign intelligence techniques, 
terrorist activities, civil situations, or 
other hazards to personal safety for 
the region being visited. 

• Reporting foreign travel and foreign 
contacts of significance (information 
that must be reported to the PSO as 
listed in paragraph 1-300e). 

b. Reciprocity. Individuals accessed 
to multiple SAPs need only attend 
one foreign travel briefing. 

3-108. Specialized Training. Training 
is given periodically throughout the 
period of time an individual has 
program access. It is designed for a 
category of individual job 
assignment, (e.g., security specialist, 
administrative, document handler, 
engineer). It also may be designed to 
cover specific items of interest, e.g., 
review result, new test, or change in 
program status. 

a. Security Officers must develop an 
aggressive, ongoing security 
education program. Conduct this 
training when special events are 
scheduled. 



b. Provide a defensive briefing on 
elicitation techniques used by FIS to 
persons attending international 
conferences and symposia, 
regardless of location. On their 
return, provide the PSO a report 
when FIS contact was made or 
suspected. Information in this 
briefing is normally provided by the 
Government. 



c. Brief couriers as specified in 
paragraph 5-402b. 

Chapter 4 

Classification and Markings 
Section 1. Classification 



Challenges to Classification. All challenges 
to SAP classified information and/or material shall 
be forwarded through the CPSO to the PSO to the 
appropriate Government contracting activity. All 
such challenges shall remain in Program channels. 

4-100. Program Directors (PDs) and 
Contractor Program Managers 
(CPMs) share responsibility for 
accuracy, currency, and necessity of 
classifications applied to documents 
and material. 

4-101. Program Classification. See 
each Program or Project Security 
Classification Guide (PSCG) for 
program specific, operational and 
technical security classification 
guidance. 

4-102. Nicknames, Code words, and 
other Identifiers. 

a. Coordinate and request 
nicknames and project names 
through the PSO. 

b. Request a change of nicknames, 
code words, and other program 
identifiers immediately when 
compromised or suspected of 
compromise. 

c. There is no established timeframe 
to change program 
identifiers. After continuous use, 
however, they become synonymous 
with the program. This defeats their 
purpose and they become ineffective 
from an OPSEC viewpoint. The PD or 
PSO makes this determination and 
requests a nickname or code word 
change through the Security Director. 

d. The use of a code word, its 
meaning, and classification guidance 
must be placed in the program 
security classification guide. 

e. In accordance with DoD 5200.1-R, 
all DoD SAPs require unclassified 
nicknames. Use of classified code 
words is optional. 

f. Nicknames and code words must 
be selected using the procedures 
specified in CJCSM 3150.29B, “Code 
Word, Nickname, and Exercise Term 
(NICKA) System,” to prevent 
inadvertent duplication. 

4-103. DD Form 254 Requirements. 

a. Prepare DD Form 254, DoD 
Contract Security Classification 
Specification, for each contractor 
and subcontractor. Use DD Form 254 
to transmit the PSCG, Program 
Security Guide (PSG) and/or other 
documents containing security 
classification guidance. 

b. The contractor will maintain a 
current listing of the location of 
containers, rooms, and completely 
dedicated buildings that contain SAP 
materials and are carved out from 
DSS cognizance. Provide this list to 
the PSO, who will include this 
information in the program database. 



c. Do not attach lengthy attachments 
to DD Forms 254 that merely repeat 
information, policy, and procedures 
contained in any other security 
directive (e.g., TEMPEST policy). 



d. The PSO will prepare and forward to 
the Contracting Officer an approved 
DD Form 254 for each prime contract. 
For subcontracts, the prime CPSO 
will prepare a proposed DD Form 254 
and forward it to the PSO for 
approval before signature by the 
prime contractor and release to 
subcontractors. 



e. The PSO provides detailed 
guidance pertaining to DD Forms 254 
on classification, release to the DSS, 
carve-out status, etc. 

Section 2. Marking Requirements 



4-200. General. Classified material that is 
developed under a SAP will be marked and 
controlled in accordance with the NISPOM, this 
Supplement, the Program Security Classification 
Guide, and other Program guidance as directed by 
the PSO. 

4-201. Additional Provisions and 
Controls. The PSO may specify additional 
markings to be applied to SAP working papers based 
on the sensitivity and criticality of the Program, when 
approved by the CSA. 

4-202. Engineer's Notebook. An engineer's 
notebook is a working record of continually changing 
Program technical data. It should NOT include drafts 
of correspondence, reports, or other materials. The 
outer cover and first page will be marked with the 
highest classification level contained in the 
notebook. Portion marking or numbering is not 
required. Other requirements pertaining to these 
notebooks may be imposed by the PSO. 

See paragraph 5-206 for additional 
information. 

4-203. Cover Sheets. Cover sheets will be 
applied to SAP documents when the documents are 
created or distributed. NOTE: CODE WORDS 
WILL NOT BE PRINTED ON THE COVER 
SHEETS. The unclassified nickname, digraph, or 
trigraph may be used. 

Cover sheets are not required on 
Classified Documents while stored in 
safe containers. 

4-204. Warning Notices. Generally, Program 
classified marking and transmission requirements 
will follow this Supplement. Transmission of 
Program or Program-related material will be 
determined by the PSO. Besides the classification 
markings, inner containers will be marked: 

"TO BE OPENED ONLY BY:" 

followed by the name of the individual to whom the 
material is sent. A receipt may be required. Apply 
the following markings on the bottom center of the 
front of the inner container: 

WARNING 

THIS PACKAGE CONTAINS CLASSIFIED U.S. 
GOVERNMENT INFORMATION. 
TRANSMISSION OR REVELATION OF THIS 
INFORMATION IN ANY MANNER TO AN 
UNAUTHORIZED PERSON IS PROHIBITED BY 
TITLE 18, U.S. CODE, SECTION 798 (OR TITLE 
42, SECTION XX FOR RD OR FRD MATERIAL). 
IF FOUND, PLEASE DO NOT OPEN. "CALL 
COLLECT" THE FOLLOWING NUMBERS, (area 
code) (number) (PSO/CPSO work number) DURING 
WORKING HOURS OR (area code) (number) 
(PSO/CPSO) AFTER WORKING HOURS. 

Handle Via Special Access Channels 
Only (HVSACO) may be imposed by 
the PSO to identify information which 
must remain in SAP controlled 
protective channels when associated 
with a SAP. See Appendix A for a 
definition. Appendix H explains 
control, dissemination, transmission, 
etc., of HVSACO. 

Chapter 5 

Safeguarding Classified Information 
Section 1. General Safeguarding Requirements 



5-100. General. Classified and unclassified 
sensitive SAP material must be stored in SAP CSA 
approved facilities only. Any deviations must have 
prior approval of the SAP CSA or designee. 

DoD will strive for consistent applications 
of physical security safeguards. 

Section 2. Control and Accountability 



5-200. General. Contractors shall develop and 
maintain a system that enables control of SAP 
classified information and unclassified Program 
sensitive information for which the contractor is 
responsible. 

5-201. Accountability. Accountability of 
classified SAP material shall be determined and 
approved in writing by the CSA or designee at the 
time the SAP is approved. A separate accountability 
control system may be required for each SAP. 

a. The following types of classified 
information require accountability 
(personal signature or other 
identifiers). This material will be 
entered into a document 
accountability system whenever it is 
received, generated, or dispatched, 
either internal or external to the 
command or contractor. 

1. All TOP SECRET information 
requires accountability. Assign a 
document control number and 
specific copy number to each Top 
Secret document generated in, 
received by or dispatched from the 
SAPF. 

2. Maintain a disclosure (access) 
record for each Top Secret document 
maintained in the SAPF. Use a cover 
sheet and attach it to each TOP 
SECRET document. Record the 
identity of persons given access to 
the information and the date of 
disclosure on the cover sheet. 

Record the name only once 
regardless of the number of times 
subsequent access occurs. 

3. All COMSEC material will be 
accounted for in accordance with 
published COMSEC guidelines. 

4. Magnetic Media shall be controlled 
as required in Chapter 8. 

5. At the direction of the CSA, full 
accountability may be required for 
SECRET/SAR material. 



b. To minimize proliferation of 
multiple document logs and 
accountability systems in the SAPF, 
the SO may elect to log all 
Confidential and Secret SAR receipt 
and dispatch transitions in the Top 
Secret document accountability 
system rather than create separate 
document logs. 

c. The accountability system will 
require individual responsibility for 
all TOP SECRET information, 
COMSEC material, and vendor 
software in the SAPF. It will be 
approved by the PSO prior to 
implementation. The document 
accountability system will be able to 
produce a Master Document Listing 
that reflects all transactions within 30 
days of generation, receipt, or 
dispatch. If an automated system is 
used, a backup duplicate record 
(manual or automated) will be 
retained to permit recall in the event of 
loss (system crash). 

d. Specific format, retention 
requirements, and disposition 
instructions for custodial logs will be 
incorporated in the agency and 
contractor’s SOP. After PSO 
approval, the control log will be 
maintained in accordance with the 
SOP. 



e. AIS Media Control System. A 
system of procedures, approved by 
the PSO, which provides controls 
over use, possession, and movement 
of magnetic media in SAPFs. These 
procedures must insure all magnetic 
media (classified and unclassified) is 
adequately protected to avert the 
unauthorized use, duplication or 
removal of the media. Unclassified 
media must be secured in limited 
access containers or labeled with the 
identity of the individual responsible 
for maintaining the material. 

Note: Media control and 
accountability will be further 
addressed in the DoD Manual for SAP 
AIS. 

5-202. Annual Inventory. An annual inventory 
of accountable SAP classified material may be 
required. The results of the inventory and any 
discrepancies, may be required to be reported in 
writing to the PSO. 

Except when otherwise directed by 
the DoD component, a 100 percent 
annual inventory will be conducted 
for TS material. The TS Control 
Officer (TSCO) or alternate TSCO and 
a disinterested party will conduct this 
inventory and document the results. 
Discrepancies will be investigated 
immediately. If the CSA approves 
accountability requirements for other 
levels of classified material, the PSO 
may specify the frequency of 
inventories. 



5-203. Collateral classified material required to 
support a SAP contract may be transferred within 
SAP controls. Transfer will be accomplished in a 
manner that will not compromise the SAP or any 
classified information. The PSO will provide 
oversight for collateral classified material 
maintained in the SAP. Collateral classified material 
generated during the performance of a SAP contract 
may be transferred from the SAP to the contractor's 
collateral classified system. The precautions required 
to prevent compromise will be approved by the PSO. 

5-204. TOP SECRET/SAR Working 
Papers Accountability, Marking and 
Destruction. 

a. TOP SECRET/SAR working papers 
may be created for short-term 
material development within the 
SAPF. 



b. TOP SECRET/SAR working papers 
shall be properly classified, program 
marked and protected in an approved 
SAPF. Attach a cover sheet and 
plainly mark the date of origin and 
annotate “WORKING PAPER” on the 
cover sheet. 



c. TOP SECRET/SAR working papers 
shall either be entered into the 
accountability system or destroyed 
within 30 calendar days from the date 
of origin or as stipulated in other 
Defense directives. Thereafter, the 
document must be assigned a 
document accountability number and 
copy designation. It will be formally 
entered into the accountability 
system. 

d. A TOP SECRET/SAR working 
paper will be reconfigured to display 
the appropriate document 
accountability and copy designation 
and all applicable cover, page, 
paragraph, portion markings, and 
declassification instructions prior to 
transmission, and/or change of 
custodianship. 

5-205. Secret Working Papers. 

a. If the CSA established an 
accountability requirement for 
program SECRET/SAP material, then 
the instructions in 5-204 shall apply 
to all SECRET/SAP working papers 
and 5-206 Working Notebooks. 

5-206. Top Secret Working 
Notebooks. Working notebooks are 
authorized only as a special category 
of working papers for which the 
retention limitation does not apply. 

a. Consider only materials that 
undergo frequent change and 
revision in this category. Do not 
include in these notebooks verbatim 
drafts of final correspondence or 
other materials that transition from 
notes to draft to formal 
documentation. 

b. Working notebooks (loose-leaf) 
are exempt from normal document 
accountability for each page or 
document within the notebook. 
Instead, assign and control the 
notebook as one document. A table 
of contents is required to ensure 
completeness. 

c. Before using bound notebooks, 
prenumber each page consecutively 
and place the notebook document 
control number on each page. Do not 
remove pages from these notebooks. 
As an optional method to a bound 
notebook, three ring or loose-leaf 
binders can be used. 



d. Mark the outer cover or first page 
with the TOP SECRET classification. 
Date entries when they are created. 
Mark each page with the highest 
classification contained therein, but 
portion marking is not required. 

e. Do not reproduce working 
notebooks or transfer material from a 
notebook to any location unless the 
material is entered into formal 
document accountability, or there is 
change of custodianship. 

Section 3. Storage and Storage Equipment 

(not further supplemented) 

Section 4. Transmission 



5-400. General. SAP classified material shall be 
transmitted outside the contractor's facility in a 
manner that prevents loss or unauthorized access. 

Establish a focal point to oversee 
transmission of program material. 

Use the following order of 
precedence: 

• Cryptographic communications 
systems (secure fax/AIS). 

• Courier (PSO approval required for 
commercial courier). 

• United States Postal Service (USPS) 
registered mail (return receipt 
requested); limit to S/SAP and below 
materials. 

(Baseline) Hardware. Except for 
OPSEC considerations and before 
any hardware movement of classified 
program assets, develop a 
transportation plan and obtain the 
PSO’s approval. Develop the plan 
early in the program development to 
facilitate required coordination 
between various entities. Appoint a 
program-accessed individual, 
knowledgeable about program 
security requirements, to serve as 
the focal point for transportation 
issues. Ensure that the planning 
includes priority of transportation 
modes (Government surface/air, 
commercial surface/air) and 
inventory of classified hardware to 
ensure program integrity. Also, make 
sure that transportation methods 
maintain a continuous chain of 
custody between the origination and 
destination, and comply with all 
Department of Transportation laws 
and PSGs. 

5-401. Preparation. All classified SAP material 
will be prepared, reproduced, and packaged by 
Program-briefed personnel in approved Program 
facilities. 

Unless otherwise stipulated by the 
CSA, only receipt and dispatch 
records are required for Confidential 
SAP, Secret SAP, or Unclassified 
HVSACO material (individual 
receipting is not required). The SO 
will establish a dedicated document 
log, classified at the appropriate 
level, for record dispatch and receipt 
transactions involving SAP classified 
documents. Although document titles 
may be unclassified, the compilation 
of information may require the 
document log to be classified. 
Consult the program classification 
guide and the PSO for guidance. 

Refer to paragraph 5-202 of the 
NISPOM baseline for further 
information on the receipt and 
dispatch log. 

Do not include a receipt (other than 
dispatch record) for unclassified 
and/or confidential unless required 
by the CSA. Include a listing of 
confidential, and/or as required by 
the CSA for unclassified HVSACO, 
materials that are contained in the 
package for which the recipient will 
acknowledge. 

Receipts are required for Secret and 
TS materials (refer to para 5-202 
baseline NISPOM for required 
information to be included on a 
receipt). 




• Classify receipts only when 
compilation of subject material 
requires classification. 

• Show an unclassified address on 
the TO and FROM blocks. 

• Security Officers make these 
determinations based on their 
judgment. 

When a receipt or acknowledgment 
of a shipment of material is not 
returned within 30 days: 

• Initiate tracer action. 

• Reproduce a copy of the receipt 
held in suspense control files; 
mark it ‘TRACER-ORIGINAL 
RECEIPT NOT RECEIVED-PLEASE 
RESPOND WITHIN 7 DAYS’. 

• Send the tracer receipt to the 
intended recipient of the initial 
transmission. 

• If the recipient does not respond 
within 15 days or did not receive 
the material, immediately initiate a 
preliminary inquiry. 



5-402. Couriers. The PSO through the CPSO 
will provide detailed courier instructions to couriers 
when hand-carrying SAP material. The CPSO will 
provide the courier with an authorization letter. 
Report any travel anomalies to the CPSO as soon as 
practical. The CPSO will notify the PSO. 

The PSO may authorize exceptions to the 
above requirements when 
operational considerations dictate. 

The PSO must approve transmission 
of TOP SECRET/SAP information 
aboard commercial aircraft. 



a. Prepare a courier authorization 
letter in accordance with Section 
5-411.c of the NISPOM and brief in 
accordance with Appendix F. Brief 
couriers and then obtain the couriers’ 
signatures acknowledging the 
briefing. Brief frequent couriers 
initially and annually thereafter. 
Debrief couriers on their return when 
problems are encountered or 
reported. 

b. Unless a single courier is 
approved by the PSO, a two-person 
courier team is required for Top 
Secret/SAP. A single-person courier 
can be used for Secret/SAP and 
below materials. Provisions shall be 
made for additional couriers and/or 
access to approved security 
containers for overnight storage 
when it appears continuous vigilance 
over the material cannot be 
sustained. 

5-403. Secure Facsimile and/or Electronic 
Transmission. Secure facsimile and/or electronic 
transmission encrypted communications equipment 
may be used for the transmission of Program 
classified information. When secure facsimile 
and/or electronic transmission is permitted, the PSO 
or other Government cognizant security reviewing 
activity will approve the system in writing. 
Transmission of classified Program material by this 
means may be receipted for by an automated system 
generated message that transmission and receipt have 
been accomplished. For TOP SECRET documents a 
receipt on the secure facsimile may be required by 
the PSO. 



The provisions of this section do not 
apply to the electronic transmission 
of information within an automated 
information network. Guidance on 
automated information networks is 
contained in Chapter 8. 

The following additional rules apply 
to secure facsimile transmission: 

a. Do not use facsimile terminals 
equipped with the automatic polling 
function enabled unless authorized 
by the PSO. 

b. When approved by the PSO, SAP 
documents classified SECRET/SAR 
and below may be receipted for via 
an automated generated message 
that confirms undisturbed 
transmission and receipt. This 
provision does not apply, however, to 
TOP SECRET or TOP SECRET/SAR 
documents transmitted over a secure 
facsimile terminal. Receipting for 
TOP SECRET or TOP SECRET/SAR 
documents passed over a secure 
facsimile terminal must adhere to 
standard receipt procedures for TOP 
SECRET material. The recipient must 
acknowledge receipt of the TOP 
SECRET material and return his/her 
signature to the sender on a receipt 
at the time of transmission. DoD 
Components may grant 3 business 
daytime extensions to the secure fax 
transmission TOP SECRET signature 
requirement based upon operational 
considerations. 

5-404. U.S. Postal Mailing. A U.S. Postal 
mailing channel, when approved by the PSO, may be 
established to ensure mail is received only by 
appropriately cleared and accessed personnel. 

Use USPS registered mail for 
SECRET/SAR material. Use U.S. 
Postal Service certified mail for 
CONFIDENTIAL/SAR. “For Official 
Use Only” and unclassified HVSACO 
material may go by First Class mail. 
P.O. Boxes should be used only with 
prior approval of the PSO. 



a. Except for TS, USPS Express Mail 
can be used for overnight 
transmission on a case-by-case basis 
upon approval of the PSO. 

b. Use only approved U.S. 
Government contract commercial 
carriers. 



c. These methods of transmitting 
selected special access materials are 
in addition to, not a replacement for, 
other transmission means previously 
approved for such material. Secure 
facsimile remains the preferred 
method of transmission. 



d. Use overnight delivery only when: 

• Approved by the PSO. 

• It is necessary to meet program 
requirements. 

• It is essential to mission 
accomplishment. 

• Time is of the essence, negating 
other approved methods of 
transmission. 

• Government program management 
considers this method to be cost- 
effective. 

e. Packages must meet the carrier’s 
size and weight limitations or other 
similar restrictions. 



f. Use the wrapping, addressing, and 
receipting procedures previously 
prescribed in paragraph 5-401 and 
approved contract security annexes. 
The commercial express carrier 
envelope is not considered the 
second envelope for double-wrapping; 
hence, the carrier 
envelope becomes the third wrap. 
Check with the PSO to obtain the 
proper address and specific shipping 
instructions prior to use. 

g. To ensure direct delivery to 
address provided by the PSO: 

1. Do not execute the Waiver of 
Signature and Indemnity on USPS 
Label. 

2. Do not execute the release portion 
on commercial carrier forms. 

3. Ensure an appropriate recipient is 
designated and available to receive 
material. 

4. Do not disclose to the express 
service carrier that the package 
contains classified material. 

h. When using a U.S. 
Government-approved contract carrier, ship 
packages only on Monday through 
Thursday to ensure that the carrier 
does not retain a classified package 
over a weekend. 



i. Immediately report any problem, 
misdelivery, loss, or other security 
incident encountered with this 
transmission means to the PSO. 

5-405. TOP SECRET Transmission. TOP 
SECRET (TS) SAP will be transmitted via secure 
data transmission or via Defense Courier Service 
unless other means have been authorized by the 
PSO. 



5-407. (Baseline). Do not remove 
program materials (classified or 
unclassified) from a SAPF without 
the PSO’s/CPSO’s approval. Within a 
contractor plant or government 
installation, transport program 
materials in an envelope contained 
within an outer container (briefcase, 
pouch, etc.) or in a locked pouch or 
container. Courier briefcase or pouch 
must be annotated on the outside 
with the courier contact or office 
information. When transporting Top 
Secret materials, call ahead to the 
recipient’s office, providing the name 
of the courier and estimated arrival 
time. On arrival, call the departure 
office to confirm the material’s safe 
arrival. 

Section 5. Disclosure 



5-500. Release of Information. Public release 
of SAP information is not authorized without 
written authority from the Government as provided 
for in U.S. Code, Titles 10 and 42. Any attempt by 
unauthorized personnel to obtain Program 
information and sensitive data will be reported 
immediately to the Government Program Manager 
(GPM) through the PSO using approved secure 
communication channels. 

Do not release information 
concerning programs or technology 
to any non-program-accessed 
individual, firm, agency, or 
Government activity without the 
GPM/PSO’s approval. Do not include 
information concerning SAPs in 
general or unclassified publications, 
technical review documents, or 
marketing literature. Submit all 
material proposed for release to the 
GPM or PSO 60 days before the 
proposed release date. After an 
approval is received for public 
release, additional case-by-case 
requests to release identical data are 
not required. 

NOTE: Public release of information 
is defined as the release of any 
program information, or program 
related material, regardless of its 
classification. 

Submit any program information 
intended for discussion at symposia, 
seminars, conferences, or other form 
of non-program meeting to the GPM 
or PSO for review and approval 60 
days before intended attendance and 
release. 



Program history, system 
technological advances, operational 
concepts, special management 
functions and techniques, and 
relationships with non-DoD activities 
remain classified, requiring special 
access authorization. The PSO 
controls disposition and access to 
historical material. 

Section 6. Reproduction 



5-600. General. Program material will be 
reproduced on equipment specifically designated by 
the CPSO and may require approval by the PSO. The 
CPMs and CPSOs may be required to prepare written 
reproduction procedures. 

Post a notice indicating if equipment 
can or cannot be used for 
reproduction of classified material. 

Reproduction of SAP material is to be 
restricted to authorized machines 
and locations approved by the PSO. 

Use reproduction equipment 
(classified and unclassified) located 
within a SAPF. Equipment may be 
used outside a SAPF (i.e., within a 
Temporary Secure Work Area), 
provided written procedures are 
developed and approved by PSO 
(including clearing of machine, 
accessing of operators, clearing of 
media, handling malfunctions, etc.). 
Machines should be under routine 
surveillance by the personnel who 
are responsible for enforcing rules. 
Ideally, position reproduction 
equipment within document control 
workstations to assure immediate 
and positive accountability. 

5-601. Produce only the minimal 
number of Top Secret program 
documents, photographs, drawings, 
viewgraphs, videotapes, etc., to meet 
contractual requirements or 
operational needs. Do not reproduce 
program Top Secret material beyond 
that required for initial distribution 
without specific approval from the 
PSO. This permission is not required 
to produce documents specified in 
the contract or to make the "to" and 
"courtesy copy" distribution listed on 
the initial document. (See paragraph 
5-201.a.1.) 

Section 7. Disposition and Retention 



5-700. Disposition. CPSOs may be required to 
inventory, dispose of, request retention, or return for 
disposition all classified SAP-related material 
(including AIS media) at contract completion and/or 
close-out. Request for proposal (RFP), solicitation, 
or bid and proposal collateral classified and 
unclassified material contained in Program files 
will be reviewed and screened to determine 
appropriate disposition (i.e., destruction, request for 
retention). Disposition recommendations by 
categories of information or by document control 
number, when required, will be submitted to the 
PSO for concurrence. Requests for retention of 
classified information (SAP and non-SAP) will be 
submitted to the Contracting Officer, through the 
PSO for review and approval. Requirements for 
storage and control of materials approved for 
retention will be approved by the PSO. 

5-701. Retention of SAP Material. The 
contractor may be required to submit a request to the 
Contracting Officer (CO), via the PSO, for authority 
to retain classified material beyond the end of the 
contract performance period. The request will also 
include any retention of Program-related material. 

The contractor will not retain any Program 
information unless specifically authorized in writing 
by the Contracting Officer. Storage and control 
requirements of SAP materials will be approved by 
the PSO. 

See Appendix G for guidance on 
retaining security documentation. 

5-702. Destruction. Appropriately indoctrinated 
personnel shall ensure the destruction of classified 
SAP data. The CSA or designee may determine that 
two persons are required for destruction. 
Nonaccountable waste and unclassified SAP material 
may be destroyed by a single Program-briefed 
employee. 

The destruction of accountable 
classified material must be 
conducted by at least two 
program-accessed individuals. See Chapter 8 
for special destruction procedures 
involving computer media. 

Classified Materials, Manufacturing 
Waste, and By Products. Where 
applicable, security provisions will be 
established to securely dispose of 
materials (e.g. Radar Absorbing 
Materials (RAM) and Radar 
Absorbing Structures (RAS)), waste, 
and manufacturing by products 
which provide a material signature of 
classified elements of a SAP. 
Procedures will be coordinated with 
the PSO. 

5-703. The PSO must review and 
approve all destruction procedures. If 
materials are removed from a SAPF 
for destruction at a central activity, 
ensure that materials are destroyed 
the same day they are removed. 

5-704. (Baseline). Destroy all 
classified waste as soon as possible, 
but do not allow materials to 
accumulate beyond 30 days unless 
approved by the PSO. Apply this 
concept to all waste material 
containing classified information, 
such as preliminary drafts, carbon 
sheets, carbon ribbons, plates, 
stencils, and masters. Safeguard 
typewriter and computer equipment 
ribbons used in transcribing 
classified material in the manner 
appropriate for the classification 
category involved. Mark this material 
PROTECT AS (enter appropriate 
classification). Consider all material, 
including unclassified, generated in 
program areas as classified waste 
and destroy accordingly. Contact the 
PSO for instructions and approval for 
disposal of waste products generated 
by laser and color output devices 
(e.g., laser printers, cartridges, film 
ribbons, and magnetic storage units). 



5-707. (Baseline). Prepare certificates 
of destruction itemizing each 
accountable document (including 
computer media) or material 
destroyed and cite the appropriate 
document control or copy number. 
Destruction certificates must be 
completed and signed by both of the 
individuals completing the 
destruction immediately after 
destruction is completed. Show the 
date of destruction on document 
control logs. 

Section 8. Construction Requirements 



5-800. General. Establishing a Special Access 
Program Facility (SAPF). Prior to commencing work 
on a SAP, the contractor may be required to establish 
an approved SAPF to afford protection for Program 
classified information and material. Memoranda of 
Agreement (MOA) are required prior to allowing 
SAPs with different CSAs to share a SAPF. 

All organizations must store SAP 
material in approved SAPFs. Update 
the accreditation checklist on 
completion of construction or when 
changes to physical security 
safeguards are planned. Before 
constructing, accrediting, or re- 
accrediting a SAPF, prepare an 
accreditation checklist according to 
DCID 6/9, forward it to the PSO, and 
obtain the PSO’s approval. Do not 
modify facilities (change physical 
security safeguards) without first 
obtaining the PSO’s approval. 

5-801. Special Access Program Facility. 

a. A SAPF is a program area, room, group of rooms, 
building, or an enclosed facility accredited by the 
PSO where classified SAP Program business is 
conducted. SAPFs will be afforded personnel access 
control to preclude entry by unauthorized 
personnel. Non-accessed persons entering a SAPF 
will be escorted by an indoctrinated person. 

b. A Sensitive Compartmented Information Facility 
(SCIF) is an area, room, building, or installation that 
is accredited to store, use, discuss, or electronically 
process SCI. The standard and procedures for a SCIF 
are stated in DCIDs 1/19 and 1/21. 

c. SAPFs accredited prior to implementation of this 
Supplement will retain accreditation until no longer 
required or recertification is required due to major 
modification of the external perimeter, or changes 
to the Intrusion Detection System (IDS), which 
affect the physical safeguarding capability of the 
facility. 

d. Physical security standards will be stated in the 
Government's RFP, RFQ, contract, or other pre- 
contract or contractual document. 

e. The need-to-know (NTK) of the SAP effort may 
warrant establishment of multi-compartments within 
the same SAPF. 

When multi-compartments within the 
same facility are present, ensure that 
sound-attenuation requirements, if 
appropriate, are met. 

f. *There may be other extraordinary or unique 
circumstances where existing physical security 
standards are inconsistent with facility operating 
requirements, for example, but not limited to, 
research and test facilities or production lines. 
Physical security requirements under these 
circumstances will be established on a case-by-case 
basis and approved by the PSO/Contracting Officer, 
as appropriate. (NOTE: as approved by the CSA at 
establishment of the SAP.) 

g. The PSO will determine the appropriate security 
countermeasures for discussion areas. 

5-802. Physical Security Criteria Standards. 

a. DCID 1/21 standards may apply to a SAPF when 
one or more of the following criteria are applicable: 

1. State-of-the-art technology as determined by 
CSAs to warrant enhanced protection. 

2. Contractor facility is known to be working on 
specific critical technology. 

3. Contractor facility is one of a few (3 or less) 
known facilities to have the capability to work 
on specific critical technology. 

4. TOP SECRET or SECRET material is maintained 
in open storage. 

5. A SAPF is located within a commercial building, 
and the contractor does not control all adjacent 
spaces. 

6. SCI or Intelligence Sources and methods are 
involved. 

7. Contractors or technologies known to be a target 
of foreign intelligence services (FIS). 

b. The NISPOM baseline closed area construction 
requirements with Sound Transmission Class (STC) in 
accordance with DCID 1/21, Annex E and intrusion 
alarms in accordance with Annex B, DCID 1/21 may 
apply to a SAPF when one of the following criteria is 
applicable. 

1. Not state-of-the-art technology and the 
technology is known to exist outside U.S. 
Government control. 

2. The SAP is a large-scale weapon system 
production program. 

3. No open storage of Confidential SAP material 
in a secure working area unless permitted by 
the PSO on a case-by-case basis. 

4. A SAPF located within a controlled access 
area. 

5. Intelligence related activities. 

c. The PSO may approve baseline closed area 
construction requirements as an additional option for 
some SAP program areas. 



d. Commensurate Protective 
Measures for SAPFs. When 
security protections vary from the 
Overprint wording, equivalent 
physical security measures may 
be applied when necessary to 
comply with regulations/codes if 
they are similar to those cited in 
the Overprint. Although variances 
may be required to meet local 
codes, cognizant authorities may 
approve the facility construction 
as providing protection 
commensurate with the 
requirements described below. 
The use of these measures is a 
risk-management decision, which 
is delegated to Component-level 
security professionals in the 
grade of GS-14 or above, or 
military equivalent. All approved 
variances to established security 
standards will be documented by 
the PSO. 

5-803. SAP Secure Working Area. The PSO 
may approve any facility as a SAP Secure Working 
Area. Visual and sound protection may be provided 
by a mix of physical construction, perimeter control, 
guards, and/or indoctrinated workers. 

5-804. Temporary SAPF. The PSO may 
accredit a temporary SAPF. 

5-805. Guard Response. 

a. Response to alarms will be in accordance with 
DCID 1/21, or 

b. the NISPOM 

c. Response personnel will remain at the scene 
until released by the CPSO or designated 
representative. 

NOTE: The CPSO will immediately provide 
notification to the PSO if there is evidence of forced 
entry, with a written report to follow within 72 
hours. 

5-806. Facility Accreditation. 

a. Once a facility has been accredited to a stated 
level by a Government Agency, that 
accreditation should be accepted by any 
subsequent agency. 

Provide verification of the previous 
accreditation and obtain the PSO’s 
approval before introducing SAP 
material into an area. 

b. For purposes of co-utilization, costs associated 
with any security enhancements in a SCIF or SAPF 
above preexisting measures may be negotiated for 
reimbursement by the contractor’s contracting officer 
or designated representative. Agreements will be 
negotiated between affected organizations. 

SAPs desiring to co-utilize a SCIF will 
accept the current accreditation and 
any waivers. Any security 
enhancements required by a SAP, 
agency, or department requesting co- 
utilization will be funded by that 
organization and must be approved 
by the SOIC with DCI concurrence 
prior to implementation. A co- 
utilization approval and agreement 
must be established prior to 
occupancy. SAPs will meet the 
physical security requirements of 
this Manual and DCI Special Access 
Program Policy dated January 4, 
1989. 



Non-related and/or non-SCI activities 
within a SCIF must: 



• Have SOIC approval in advance; 

• Be governed by a Memorandum of 
Understanding (MOU) which may 
be a hard copy or an electronic 
communication fully identifying all 
approving authorities; 

• Be physically separated from each 
other at all times to avoid 
disclosure of information relating 
to respective program; 

• Assure that all persons working on 
non-SCI activities are approved to 
DCID 6/4 standards and they 
receive a non-SCI revealing 
briefing after meeting the 
minimum criteria for PROXIMITY 
approval; 

• The accrediting authority for the 
SCIF at the time of the MOU 
remains the overall authority for 
the SCIF unless all parties 
concerned agree to transfer such 
responsibility to another agency. 
If a transfer of accreditation or 
responsibility occurs, IC 
organizations must be officially 
notified and the accreditation data 
and facility security profile 
transferred to the new CSA; 

• The MOU for a SCIF must, as a 
minimum, identify the CSA 
responsible for the general 
security of the SCIF, the 
compartmentation and 
classification level of SCI 
authorized for storage, special 
security procedures for the SCIF, 
security and support services 
each user requires, and how user 
requirements will be satisfied. 

The accrediting authority retains 
ultimate responsibility for the 
security, physical inspections, 
and internal operation of the SCIF. 

Co-utilization is defined in DCID 6/9. 

c. If a previously accredited SAPF becomes inactive 
for a period not to exceed one year, the SAP 
accreditation will be reinstated by the gaining 
accrediting agency provided the following is true: 

1. The threat in the environment surrounding the 
SAPF has not changed. 

2. No modifications have been made to the SAPF 
which affect the level of safeguarding. 

3. The level of safeguarding for the new Program is 
comparable to the previous Program. 

4. The SAPF has not lost its SAP accreditation 
integrity and the contractor has maintained 
continuous control of the facility. 

5. A technical surveillance countermeasure survey 
(TSCM) may be required. 

NOTE: Previously granted waivers are subject to 
negotiation. 

5-807. Prohibited Items. Items that constitute a 
threat to the security integrity of the SAPF (e.g., 
cameras or recording devices) are prohibited unless 
authorized by the PSO. All categories of storage 
media entering and leaving the SAPFs may require 
the PSO or his/her designated representative 
approval. 

a. The following items do not pose a 
threat to a SAPF and can be taken 
into and out of a SAPF without 
approval: 

• Hearing aids, heart pacemakers, 
and motorized wheelchairs. 

• Amplified telephone handset and 
teletypewriters (when used by the 
hearing impaired). 

• Audio and video equipment with no 
record capability. 

• Compact disk players. 

• Televisions and AM/FM radios. 

• Receive-only (tone-only) beepers. 

• Receive-only (voice) pagers. 

b. The following items may not be 
introduced into a SAPF, unless 
approved by the PSO: 

• Personally-owned computers and 
associated media. 

• Personally-owned photographic, 
video and audio recording 
equipment. 

• Two-way audio RF (e.g. two-way 
radios and cellular phones) 
transmitting devices that are 
government or company owned for 
program use can be authorized by 
the PSO (see NOTE below). 

• Cameras and film, for a program 
mission requirement, (e.g., badge 
issuance or documenting test 
results). 

• Other emanating and reproducing 
devices.

NOTE: Two-way audio RF 
transmitting devices can be 
authorized by the PSO when required 
for operational necessity.

c. See Chapter 8 for computer type
items that are not permitted in 
SAPFs. 



d. In exceptional circumstances, 
when necessary for a specific activity 
or threat, program manager or PSO 
may apply more stringent 
requirements. Such requirements 
must be reported to the SAP Central 
Office. 



e. Personally-owned equipment 
brought into a SAPF is subject to 
inspection at any time. Any device 
removed from a SAPF also may be 
subjected to an inspection. 



f. Allow emergency response forces 
such as guard forces and fire 
department personnel, as well as 
their two-way communications 
equipment, immediate access to 
SAPFs. Debrief these personnel 
when appropriate and execute a SAP 
Format 5, Inadvertent Disclosure 
Statement.

Chapter 6
Visits and Meetings 



Section 1. Visits 



6-100. General. A visit certification request for 
all Program visits will be made prior to a visit to a 
Program facility. When telephone requests are made, 
a secure telephone should be used whenever possible. 
Visit requests will be handled exclusively by the 
cognizant CPSO or designated representative. The 
GPM or PSO or his/her designated representative will 
approve all visits between Program activities. 
However, visits between a prime contractor and the 
prime's subcontractors and approved associates will 
be approved by the CPSO. Twelve-month visit 
requests are not authorized unless approved by the 
PSO. 

Continuously escort and closely 
control movement of non-program- 
accessed visitors who require access 
to a program area/SAPF for any 
purpose. Use only program-accessed 
personnel as escorts. 

a. Establish and maintain adequate 
controls to ensure that program 
visitors are kept within the framework 
of the “need to know” requirement 
and that information discussed or 
furnished is within the visitor’s level 
of access. Use SAP Format 7 or a 
similar software program. 

b. Consider installing an internal 
warning system to warn accessed 
occupants of the presence of 
uncleared personnel. Employ other 
or additional methods (e.g., verbal 
warnings) to warn or remind 
personnel of the presence of 
uncleared personnel. 



6-101. Visit Request Procedures. All visit
requests will be sent only via approved channels. In
addition to the NISPOM, the following additional
information for visits to a SAPF will include:

a. Name and telephone number of individual (not
organization) to be visited;

b. Designation of person as a Program courier 
when applicable; and 

c. Verification (e.g., signature) of the CPSO or 
designated representative that the visit request 
information is correct. 

d. The PSO and personnel approved 
by the PSO may visit all program 
facilities, without furnishing 
advanced notification. Deny access 
and notify the CPSO or PSO 
whenever any visitor arrives at a 
Government or contractor facility 
unannounced. 

6-102. Termination and/or Cancellation of 
a Visit Request. If a person is debriefed from the 
Program prior to expiration of a visit certification, 
or if cancellation of a current visit certification is 
otherwise appropriate, the CPSO/FSO or his/her 
designated representative will immediately notify all 
recipients of the cancellation or termination of the 
visit request. 

6-103. Visit Procedures.

a. Identification of Visitors. An official photograph
if identification such as a valid driver's license is 
required. 

b. Extension. When a visit extends past the date on 
the visit certification, a new visit request is not 
required if the purpose remains the same as that 
stated on the current visit request to a specific SAPF. 

c. Rescheduling. When a rescheduled visit occurs 
after a visit request has been received, the visit 
certification will automatically apply if the visit is 
rescheduled within thirty days and the purpose 
remains the same. 

d. Hand-carrying. It is the responsibility of the host 
CPSO to contact the visitor's CPSO should the visitor 
plan to hand-carry classified material. CPSOs will 
use secure means for notification. In emergency 
situations where secure communications are not 
available, contact the PSO for instructions. When 
persons return to their facility with SAP material, 
they will relinquish custody of the material to the 
CPSO or designated representative. Arrangement 
will be made to ensure appropriate overnight 
storage and protection for material returned after 
close of business. 

6-104. Collateral Clearances and Special
Access Program Visit Requests. Collateral
clearances and SAP accesses may be required in
conjunction with the SAP visit. If access to collateral 
classified information is required outside the SAPF, 
then the CPSO can certify clearances and accesses as 
required within the facility. Certification will be 
based on the SAP visit request received by the CPSO. 
The CPSO will maintain the record copy of the visit 
certification. SCI visit certification will be forwarded 
through appropriate SCI channels. 

6-105. Non-Program-Briefed Visitors.
Instances where entry to a SAPF by non-Program-
briefed personnel is required (e.g., maintenance,
repair), they will complete and sign a visitor's
record and will be escorted by a Program-briefed
person at all times. Sanitization procedures will be
implemented in advance to ensure that personnel
terminate classified discussions and other actions
and protect SAP information whenever a
non-briefed visitor is in the area. If maintenance is
required of a classified device, the uncleared 
maintenance person shall be escorted by a 
Program-briefed, technically knowledgeable 
individual. Every effort should be made to have a 
technically knowledgeable Program-briefed person 
as an escort. 

6-106. Visitor Record. The PSO may require 
the CPSO to establish a Program visitor's record. 

This record will be maintained inside the SAPF, and 
retention may be required. 

Maintain a visitor sign-in and sign- 
out record for all accessed program 
visitors. Show the visitor's name, 
SSN, organization or firm, date, time 
in and out, and sponsor on the log. 
When necessary to protect a SAP, 
maintain a separate record for 
uncleared visitors that shows the 
escort official instead of the sponsor. 

6-107. Guidelines for Congressional 
Visits. Upon notification of a 
proposed Congressional visit to a 
SAPF, the OSD SAPCO shall provide 
access guidance to the DoD 
Component SAP Central Office. 

In the event of the unannounced 
arrival of a Congressional delegation 
at a SAPF, the contractor shall 
contact the PSO for guidance. The 
PSO shall contact the DoD 
Component SAP Central Office for 
guidance. The DoD Component SAP 
Central Office will coordinate the visit 
with the OSD SAPCO.

All communications and information
flow between the authorized 
Congressional Members or their staff 
shall be coordinated through the 
OSD SAPCO. (See Chapter 2 for 
access requirements for Members, 
professional staff, and personal 
staff).

Section 2. Meetings



6-200. Conduct meetings and 
conferences where program 
information is discussed only in 
approved SAPFs. PSOs may 
authorize additional locations. 



6-201. Appoint a person to ensure 
that adequate security is provided. 



6-202. Establish entry control and 
perimeter area surveillance when 
needed. When authorized, request a 
Technical Surveillance Countermeasures
(TSCM) survey for
unsecured conference rooms when 
SAP information is to be discussed. 



NOTE: Use SAP Format 8 to request 
the TSCM.

Chapter 7
Subcontracting 

Section 1. Prime Contracting Responsibilities 



7-100. General. This section addresses the 
responsibilities and authorities of prime contractors 
concerning the release of classified SAP information 
to subcontractors. Prior to any release of classified 
information to a prospective subcontractor, the prime 
contractor will determine the scope of the bid and 
procurement effort. Prime contractors will use 
extreme caution when conducting business with non- 
Program-briefed subcontractors to preclude the 
release of information that would divulge Program- 
related (classified or unclassified Program sensitive) 
information. 

7-101. Determining Clearance Status of 
Prospective Subcontractors. All prospective 
subcontractor personnel will have the appropriate 
security clearance and meet the investigative 
criteria as specified in this Supplement prior to 
being briefed into a SAP. The eligibility criteria will 
be determined in accordance with the NISPOM and 
this Supplement. For Acknowledged Programs, in the 
event a prospective subcontractor does not have the 
appropriate security clearances, the prime contractor 
will request that the cognizant PSO initiate the 
appropriate security clearance action. A 
determination will be made in coordination with the 
PSO as to the levels of facility clearance a 
prospective subcontractor facility has for access to 
classified information and the storage capability 
level. 

When a subcontractor is identified 
who does not have a facility 
clearance, the PSO will initiate the 
necessary paperwork through 
program channels and coordinate 
with DSS to initiate action to provide 
the subcontractor a facility clearance. 



7-102. Security Agreements and Briefings. 

In the pre-contract phase, the prime contractor will 
fully advise the prospective subcontractor (prior to 
any release of SAP information) of the procurement's 
enhanced special security requirements. 

Arrangements for subcontractor Program access will 
be pre-coordinated with the PSO. When approved by 
the PSO, the prime contractor CPSO will provide 
Program indoctrinations and obtain NDAs from the 
subcontractors. A security requirements agreement 
will be prepared that specifically addresses those 
enhanced security requirements that apply to the 
subcontractor. The security requirements agreement 
may include the following elements, when 
applicable: 

a. General Security Requirements. 

b. Reporting Requirements. 

c. Physical and/or Technical Security Requirements. 

d. Release of Information. 

e. Program Classified Control or Accountability. 

f. Personnel Access Controls. 

g. Security Classification Guidance. 

h. Automated Information System. 

i. Security Audits and Reviews. 

j. Program Access Criteria. 

k. Subcontracting. 







l. Transmittal of Program Material. 

m. Storage. 

n. Testing and/or Manufacturing. 

o. Program Travel. 

p. Finances. 

q. Sanitization of Classified Material. 

r. Security Costs and Charging Policy. 

s. Fraud, Waste, and Abuse Reporting. 

t. Test Planning.

u. OPSEC.

v. TEMPEST.

Prior to initiating contact with a
prospective vendor or subcontractor,
the CPSO will complete a SAP
Format 13, Subcontractor/Supplier
Data Sheet, for submission to the
PSO. The CPSO will include the
reason for considering a vendor and
attach a proposed DD Form 254 to
the SAP Format 13. The DD Form 254
shall be tailored to be consistent with
the proposed support being sought.
The DD Form 254 may be classified
based on the information contained
therein.

7-103. Transmitting Security
Requirements. Contract Security Classifications
Specifications (DD254) prepared by the prime
contractor will coordinate with the GPM/PSO and
contracting officer prior to transmitting to the
subcontractor. The DD254 prepared by the prime
contractor will be forwarded to the GPM/PSO and
contracting officer for coordination and signature.

For subcontracts, the prime CPSO
will prepare a proposed DD Form 254
and forward it to the PSO for
approval before signature by the
prime contractor and release to
subcontractors.

Chapter 8

Automated Information Systems (AIS) 



The following paragraphs explain new guidelines for adherence to the 
requirements of Chapter 8 of the DoD Overprint until a DoD Implementer to DCID 
6/3 is published. The Government shall specify in each contract which of the 
below requirements the Contractor is expected to adhere to, i.e. whether they 
should use Chapter 8 of the DoD Overprint for legacy programs, whether they 
should follow the provisions of DCID 6/3, or whether they should use Chapter 8 
guidance as supplemented by the Components. 

The Department of Defense (DoD) Overprint to the National Industrial 
Security Program Operating Manual Supplement (NISPOMSUP) was issued in 
January 1998 as guidance to all DoD special access programs (SAPs). 
Subsequent to publication of the DoD Overprint, the Deputy Secretary of Defense 
directed that all DoD SAPs use the DoD Overprint and prohibited any further 
supplementation. 

The Intelligence Community (IC) developed and issued Director of Central
Intelligence Directive (DCID) 6/3, Protecting Sensitive Compartmented Information 
Within Information Systems. DCID 6/3 was written for implementation in 
compartmented programs; however, additional guidance is needed to facilitate 
standardization of protective measures between and among DoD SAPs. 

DoD intends to publish Automated Information Systems (AIS) security 
guidance, which will encompass applicable protection policies from DCID 6/3, 
accepted procedures from the current Chapter 8 of the DoD Overprint, and the 
latest best security practices identified by DoD components. In the interim, 
organizations responsible for DoD SAPs are authorized to continue adherence 
with the requirements of Chapter 8 of the DoD Overprint for legacy programs or 
may elect to follow the provisions of DCID 6/3. Components may also 
supplement Chapter 8 guidance as is minimally necessary to ensure protection of 
their SAP-related AIS.

Section 1. Responsibilities



8-100. Introduction. 

a. Purpose and Scope. This chapter addresses the 
protection and control of information processed on 
AIS. This entire chapter is contractor required and 
is not an option. The type is not bold or italicized, 
because it would include the complete chapter. AISs 
typically consist of computer hardware, software, 
and/or firmware configured to collect, create, 
communicate, compute, disseminate, process, store, 
or control data or information. This chapter specifies 
requirements and assurances for the implementation, 
operation, maintenance, and management of secure 
AIS used in support of SAP activities. Prior to using 
an AIS or AIS network for processing U.S. 
Government, Customer, or Program information, the 
Contractor/Provider will develop an AIS Security
Plan (AISSP) as described herein and receive written 
Customer authorization to process Customer 
information. Such authorization to process requires 
approval by the Customer. The Provider will also 
assign an Information System Security 
Representative (ISSR) to support the preparation of 
these documents and to subsequently manage AIS 
security on-site for the Customer's program. After the 
AISSP is approved by the Customer, the Provider 
will thereafter conform to the plan for all actions 
related to the Customer's program information. This 
information includes the selection, installation, test, 
operation, maintenance, and modification of AIS 
facilities, hardware, software, media, and output. 

Requirements specified in this 
chapter apply to all AISs in SAP 
areas regardless of the classification 
level being processed on individual 
systems. 

b. Requirements. The AISSP selected menu 
upgrades to the NISPOM baseline will be tailored to 
the Provider's individual AIS configuration and 
processing operations. Alternatives to the protective 
measures in this Supplement may be approved by the 
Customer after the Provider demonstrates that the
alternatives are reasonable and necessary to
accommodate the Customer's needs. Prior to 
implementation, the Provider will coordinate any 
envisioned changes or enhancements with the 
Customer. Approved changes will be included in the 
AISSP. Any verbal approvals will subsequently be 
documented in writing. The information and 
guidance needed to prepare and obtain approval for 
the AISSP is described herein. 

c. Restrictions. No personally owned AISs will be 
used to process classified information. 

Personally owned computers will not 
be introduced into SAP areas. 

8-101. Responsibilities. The Customer is the 
Government organization responsible for sponsoring 
and approving the classified and/or unclassified 
processing. The Provider is the Contractor who is 
responsible for accomplishing the processing for the 
Customer. The Information System Security 
Representative (ISSR) is the Provider-assigned 
individual responsible for on-site AIS processing for 
the Customer in a secure manner. 

a. Provider Responsibilities. The Provider will take 
those actions necessary to meet with the policies and 
requirements outlined in this document. The provider 
will: 

1. Publish and promulgate a corporate AIS Security
Policy that addresses the classified processing
environment.

2. Designate an individual to act as the ISSR.

3. Incorporate AISs processing Customer
information as part of a configuration
management program.

4. Enforce the AIS Security Policy.

b. ISSR Responsibilities. The Provider-designated 
ISSR has the following responsibilities:

1. AIS Security Policy. Implement the AIS Security 
Policy. 

2. AIS Security Program. Coordinate establishing and 
maintaining a formal AIS Security Program to ensure 
compliance with this document: 

(a) AIS Security Plan (AISSP). Coordinate the 
preparation of an AISSP in accordance with the 
outline and instructions provided in this document. 
After Customer approval, the AISSP becomes the 
controlling security document for AIS processing 
Customer information. Changes affecting the security 
of the AIS must be approved by the Customer prior 
to implementation and documented in the AISSP. 

(b) AIS Technical Evaluation Test Plans. For systems 
operating in the compartmented or multi-level modes, 
prepare an AIS Technical Evaluation Test Plan in 
coordination with the Customer and applicable 
security documents. 

(c) Certification. Conduct a certification test in 
accordance with 8-102, c. and provide a certification 
report. 

(d) Continuity of Operations Plan (COOP). When 
contractually required, coordinate the development 
and maintenance of an AIS COOP to ensure the 
continuation of information processing capability in 
the event of an AIS-related disaster resulting from
fire, flood, malicious act, human error, or any other
occurrence that might adversely impact or threaten to
impact the capability of the AIS to process
information. This plan will be referenced in the AISSP.

(e) Documentation. Ensure that all AIS security-
related documentation as required by this chapter is
current and is accessible to properly authorized 
individuals. 

(f) Customer Coordination. Coordinate all reviews, 
tests, and AIS security actions. 

(g) Auditing. Ensure that the required audit trails are 
being collected and reviewed as stated in 8-303. 

(h) Memorandum of Agreement. As applicable, 
ensure that Memoranda of Agreement are in place for 
AISs supporting multiple Customers. 

(i) Compliance Monitoring. Ensure that the system is 
operating in compliance with the AISSP. 

(j) AIS Security Education and Awareness. Develop 
an on-going AIS Security Education and Awareness 
Program. 

(k) Abnormal Occurrence. Advise Customer in a 
timely manner of any abnormal event that affects the 
security of an approved AIS.

This notification of abnormal 
occurrences will be made within 72 
hours. When a network is involved, 
the notification must be made within 
12 hours. 

1. Virus and malicious code. Advise Customer in a 
timely manner of any virus and malicious code on an 
approved AIS. 

2. Configuration Management. Participate in the 
configuration management process. 

3. Designation of Alternates. The ISSR may 
designate alternates to assist in meeting the 
requirements outlined in the chapter.

c. Special Approval Authority. In addition to the
above responsibilities, the Customer may authorize in 
writing an ISSR to approve specific AIS security 
actions including: 

1. Equipment Movement. Approve and document the
movement of AIS equipment. 

2. Component Release. Approve the release of 
sanitized components and equipment in accordance 
with Table 2 in 8-501. 

3. Stand-alone Workstation and Portable AIS 
Approval. Approve and document new workstations 
in accordance with an approved AIS security plan 
and the procedures defined in this document for 
workstations with identical functionality. Approve 
and document portable AIS. 

4. Dedicated and System High Network Workstation 
Approval. Approve and document additional 
workstations identical in functionality to existing 
workstations on an approved Local Area Network 
(LAN) provided the workstations are not located 
outside of the previously defined boundary of the 
LAN. 

5. Other AIS Component Approval. Approve and 
document other AIS components identical in 
functionality to existing components on an approved 
LAN provided the components are not located 
outside of the previously defined boundary of the 
LAN. 

6. With the approval of the PSO, the 
ISSR may delegate special approval 
authority to an alternate(s). 

8-102. Approval To Process. Prior to using
any AIS to process Customer information, approval
will be obtained from the Customer. The following 
requirements will be met prior to approval. 

a. AIS Security Program. The Provider will have 
an AIS security program that includes: 



1. An AIS security policy and a formal AIS security
structure to ensure compliance with the guidelines 
specified in this document; 

2. An individual whose reporting functionalities are 
within the Provider's security organization formally 
named to act as the ISSR; 

3. The incorporation of AISs processing Customer 
information into the Provider's configuration 
management program. The Provider's configuration 
management program shall manage changes to an 
AIS throughout its life cycle. As a minimum the 
program will manage changes in an AIS’s: 

Existing corporate configuration 
management programs may be used, 
provided control and documentation 
are adequate to meet the 
requirements of this chapter. Use 
SAP format 16 to aid in 
documentation and registration of 
word processing or personal 
computer data. 

(a) Hardware components (data retentive only). 

(b) Connectivity (external and internal).

(c) Firmware. Firmware will be tracked only when
related to a demonstrated security deficiency or 
control feature. 

(d) Software. 

(e) Security features and assurances. 

(f) AISSP. 

(g) Test Plan. 

4. Control. Each AIS will be assigned to a designated
custodian (and alternate custodian) who is
responsible for monitoring the AIS on a continuing
basis. The custodian will ensure that the hardware,
installation, and maintenance as applicable conform
to appropriate requirements. The custodian will also
monitor access to each AIS. Before giving users
access to any such AIS, the custodian will have them 
sign a statement indicating their awareness of the 
restrictions for using the AIS. These statements will 
be maintained on file and available for review by the 
ISSR. 

User statements will be 
accomplished and maintained in 
accordance with paragraph 8-700c. 

b. AIS Security Plan (AISSP). The Provider will 
prepare and submit an AISSP covering AISs 
processing information in a Customer's Special 
Access Program Facility (SAPF), following the 
format in Appendix C. For RD, the Customer may 
modify the AISSP format. 

c. AIS Certification and Accreditation. 

1. Certification. Certification is the comprehensive
evaluation of technical and non-technical security 
features to establish the extent to which an AIS has 
met the security requirements necessary for it to 
process the Customer information. Certification 
precedes the accreditation. The certification is based 
upon an inspection and test to verify that the AISSP 
accurately describes the AIS configuration and 
operation (See Appendix C and D). A Certification 
Report summarizing the following will be provided 
to the Customer: 

One Certification Report may be 
applicable to multiple AISs provided 
all variations of configuration and 
operation are reviewed and verified. 

(a) For the dedicated mode of operation, the provider 
must verify that access controls, configuration 
management, and other AISSP procedures are 
functional. 



(b) In addition, for System High AIS the ISSR will 
verify that discretionary controls are implemented. 

(c) For compartmented and multilevel AIS, 
certification also involves testing to verify that 
technical security features required for the mode of 
operation are functional. Compartmented and multi- 
level AIS must have a Technical Evaluation Test 
Plan that includes a detailed description of how the 
implementation of the operating system software, 
data management system software, firmware, and 
related security software packages will enable the 
AIS to meet the Compartmented or Multilevel Mode 
requirements. The plan outlines the inspection and 
test procedures to be used to demonstrate this 
compliance. 

2. Accreditation. Accreditation is the formal 
declaration by the Customer that a classified AIS or 
network is approved to operate in a particular 
security mode; with a prescribed set of technical and 
non-technical security features; against a defined 
threat; in a given operational environment; under a 
stated operational concept; with stated 
interconnections to other AIS, and at an acceptable 
level of risk. The accreditation decision is subject to 
the certification process. Any changes to the 
accreditation criteria described above may require a 
new accreditation. 

An accreditation may apply to 
multiple stand-alone AISs, provided 
all variations of configuration and 
operation are reviewed and verified. 

d. Interim Approval. The Customer may grant an 
interim approval to operate. 

Interim approval will be granted for 
TS/SAR processing only when a 
critical mission requirement can be 
demonstrated. 

e. Withdrawal of Accreditation. The Customer 
may withdraw accreditation if:

1. The security measures and controls established and
approved for the AIS do not remain effective. 

2. The AIS is no longer required to process Customer 
information. 

f. Memorandum of Agreement. A Memorandum of 
Agreement (MOA) is required whenever an 
accredited AIS is co-utilized, interfaced, or 
networked between two or more Customers. This 
document will be included, as required, by the 
Customer. 

An MOA is recommended whenever 
an AIS is interfaced or networked 
between two or more providers 
(contractors). 

g. Procedures for Delegated Approvals. For AISs 
operating in the dedicated or system high modes, the 
Customer may delegate special approval authority to 
the ISSR for additional AISs that are identical in 
design and operation. That is: two or more AIS are 
identical in design and operate in the same security 
environment (same mode of operation, process 
information with the same sensitivities, and require 
the same accesses and clearances, etc.). Under these 
conditions the AISSP in addition to containing the 
information required by Appendix C shall also 
include the certification requirements (inspection and 
tests) and procedures that will be used to accredit all 
AISs. The CSA will validate that the certification 
requirements are functional by accrediting the first 
AIS using these certification requirements and 
procedures. The ISSR may allow identical AIS to 
operate under that accreditation if the certification 
procedures are followed and the AIS meets all the 
certification requirements outlined in the AISSP. The
AISSP will be updated with the identification of the 
newly accredited AIS and a copy of each certification 
report will be kept on file. 

Such delegations of approval 
authority are based on the PSO’s 
assessment that an individual ISSR is 
qualified to make approval decisions
on behalf of the PSO in the provider’s
facility. 

8-103. Security Reviews. 

a. Purpose. Customer AIS Security Reviews are 
conducted to verify that the Provider's AIS is 
operated in accordance with the approved AISSP. 

b. Scheduling. Customer AIS Reviews are normally 
scheduled at least once every 24 months for Provider 
systems processing Customer program information. 
The Customer will establish specific review 
schedules. 

AIS security reviews will be 
scheduled as part of the general 
security review for the entire SAP. 

c. Review Responsibilities. During the scheduled 
Customer AIS Security Review, the Provider will 
furnish the Customer representative conducting the 
Review with all requested AIS or network 
documentation. Appropriate Provider security, 
operations, and management representatives will be 
made available to answer questions that arise during 
the Customer AIS Review process. 

d. Review Reporting. At the conclusion of the 
Customer AIS Review visit, the Customer will brief 
the Provider's appropriate security, operations, and 
management representatives on the results of the 
Review and of any discrepancies discovered and the
recommended measures for correcting the security
deficiencies. A formal report of the Customer AIS 
Review is provided to the Provider's security 
organization no later than 30 days after the Review. 

e. Corrective Measures. The Provider will respond 
to the Customer in writing within 30 days of receipt 
of the formal report of deficiencies found in the 
Customer AIS Review process. The response will 
describe the actions taken to correct the deficiencies 
outlined in the formal report of Customer AIS
Review findings. If proposed actions will require an
expenditure in funds, approval will be obtained from 
the Contracting Officer prior to implementation.

Section 2. Security Modes



8-200. Security Modes - General.

a. AISs that process classified information must 
operate in the dedicated, system high, 
compartmented, or multilevel mode. Security modes 
are authorized variations in security environments, 
requirements, and methods of operating. In all 
modes, the integration of automated and conventional 
security measures shall, with reasonable 
dependability, prevent unauthorized access to 
classified information during, or resulting from, the 
processing, storage, or transmission of such 
information, and prevent unauthorized manipulation 
of the AIS that could result in the compromise or loss 
of classified information. 

b. In determining the mode of operation of an AIS, 
three elements must be addressed: the boundary and 
perimeter of the AIS, the nature of the data to be 
processed, and the level and diversity of access 
privileges of intended users. Specifically: 

1. The boundary of an AIS includes all users that are 
directly or indirectly connected and who can receive 
data from the AIS without a reliable human review 
by an appropriately cleared authority. The perimeter 
is the extent of the AIS that is to be accredited as a 
single entity. 

2. The nature of data is defined in terms of its 
classification levels, compartments, 
subcompartments, and sensitivity levels. 

3. The level and diversity of access privileges of its 
users are defined as their clearance levels, need-to-know, 
and formal access approvals. 

Compartmented and multi-level 
modes of operation are not normally 
approved for SAPs unless a unique 
mission requirement justifies the 
additional risk inherent in such 
configurations. 

8-201. Dedicated Security Mode. 

a. An AIS is operating in the dedicated mode (processing 
either full time or for a specified period) when each user 
with direct or indirect access to the AIS, its peripherals, 
remote terminals, or remote hosts has all of the following: 

1. A valid personnel clearance for all information 
stored or processed on the AIS. 

2. Formal access approvals and has executed all 
appropriate non-disclosure agreements for all the 
information stored and/or processed (including all 
compartments, subcompartments, and/or SAPs). 

3. A valid need to know for all information stored on 
or processed within the AIS. 

b. The following security requirements are 
established for AISs operating in the dedicated mode: 

1. Be located in a SAPF. 

2. Implement and enforce access procedures to the 
AIS. 

3. All hard copy output will be handled at the level 
for which the system is accredited until reviewed by a 
knowledgeable individual. 

4. All media removed from the system will be 
protected at the highest classification level of 
information stored or processed on the system until 
reviewed and properly marked according to 
procedures in the AIS security plan. 

c. Security Features for Dedicated Security Mode. 

1. Since the system is not required to provide 
technical security features, it is up to the user to 
protect the information on the system. For networks 
operating in the dedicated mode, automated 
identification and authentication controls are 
required. 

2. For DoD, the Customer may require audit records 
of user access to the system. Such records will 
include: user ID, start date and time, and stop date 
and time. Logs will be maintained IAW 8-303. 

Audit records as specified by the 
PSO will be maintained for dedicated 
mode systems. 

d. Security Assurances for Dedicated Security 
Mode. 

1. AIS security assurances must include an approach 
for specifying, documenting, controlling, and 
maintaining the integrity of all appropriate AIS 
hardware, firmware, software, communications 
interfaces, operating procedures, installation 
structures, security documentation, and changes 
thereto. 

2. Examination of Hardware and Software. Classified 
AIS hardware and software shall be examined when 
received from the vendor and before being placed 
into use. 

(a) Classified AIS Hardware. An examination shall 
result in assurance that the equipment appears to be 
in good working order and have no parts that might 
be detrimental to the secure operation of the resource. 
Subsequent changes and developments which affect 
security may require additional examination. 

(b) Classified AIS Software. 

(1) Commercially procured software shall be 
examined to assure that the software contains no 
features which might be detrimental to the security of 
the classified AIS. 

(2) Security-related software shall be examined to 
assure that the security features function as specified. 

(c) Custom Software or Hardware Systems. New or 
significantly changed security relevant software and 
hardware developed specifically for the system shall 
be subject to testing and review at appropriate stages 
of development. 

Automated audit trails will be used to 
the maximum extent possible. Where 
not available or where cost-prohibitive, 
the PSO may approve the 
use of manual logs. 

8-202. System High Security Mode. 

a. An AIS is operating in the system high mode 
(processing either full time or for a specified period) 
when each user with direct or indirect access to the 
AIS, its peripherals, remote terminals, or remote 
hosts has all of the following: 

1. A valid personnel clearance for all information on 
the AIS. 

2. Formal access approval and has signed non-disclosure 
agreements for all the information stored 
and/or processed (including all compartments and 
subcompartments). 

3. A valid need-to-know for some of the information 
contained within the system. 

b. AISs operating in the system high mode, in 
addition to meeting all of the security requirements, 
features, and assurances established for the dedicated 
mode, will meet the following: 

1. Security Features for System High Mode 

(a) Define and control access between system users 
and named objects (e.g., files and programs) in the 
AIS. The enforcement mechanism must allow system 
users to specify and control the sharing of those 
objects by named individuals and/or explicitly 
defined groups of individuals. The access control 
mechanism must, either by explicit user action or by 
default, provide that all objects are protected from 
unauthorized access (discretionary access control). 
Access permission to an object by users not already 
possessing access permission must only be assigned 
by authorized users of the object. 

(b) Time Lockout. Where technically feasible, the 
AIS shall time lockout an interactive session after an 
interval of user inactivity. The time interval and 
restart requirements shall be specified in the AIS 
Security Plan. 

Time lockout must be activated after 
a maximum of 30 minutes of user 
inactivity and must automatically log 
the user out of the system. Software 
such as screen locks or “pause” 
functions must create audit entries to 
show initiation and termination. 

(c) Audit Trail. Provide an audit trail capability that 
records time, date, user ID, terminal ID (if 
applicable), and file name for the following events: 

(1) Introduction of objects into a user's address 
space (e.g., file open and program initiation as 
determined by the Customer and ISSR). 

(2) Deletion of objects (e.g., as determined by the 
Customer and ISSR). 

(3) System log-on and log-off. 

(4) Unsuccessful access attempts. 

NOTE: Certain categories of system- 
initiated events create this type of 
activity independent of any user 
actions. Such events need not be 
logged. Because such actions can be 
unique to specific systems, the PSO 
and ISSR will agree on items to be 
tracked and the AISSP will reflect the 
required audits. 

(d) Require that memory and storage contain no 
residual data from the previously contained object 
before being assigned, allocated, or reallocated to 
another subject. 

(e) Identification Controls. Each person having 
access to a classified AIS shall have the proper 
security clearances and authorizations and be 
uniquely identified and authenticated before access to 
the classified AIS is permitted. The identification and 
authentication methods used shall be specified and 
approved in the AIS Security Plan. User access 
controls in classified AISs shall include 
authorization, user identification, and authentication; 
administrative controls for assigning these shall be 
covered in the AISSP. 

(1) User Authorizations. The manager or supervisor 
of each user of a classified AIS shall determine the 
required authorizations, such as need-to-know, for 
that user. 

(2) User Identification. Each system user shall have 
a unique user identifier and authenticator. 

a) User ID Removal. The ISSR shall ensure the 
development and implementation of procedures for 
the prompt removal of access from the classified AIS 
when the need for access no longer exists. 

b) User ID Revalidation. The AIS ISSR shall ensure 
that all user IDs are revalidated at least annually, and 
information such as sponsor and means of off-line 
contact (e.g., phone number, mailing address) are 
updated as necessary. 

(f) Authentication. Each user of a classified AIS shall 
be authenticated before access is permitted. This 
authentication can be based on any one of three types 
of information: something the person knows (e.g., a 
password); something the person possesses (e.g., a 
card or key); something about the person (e.g., 
fingerprints or voiceprints); or some combination of 
these three. Authenticators that are passwords shall 
be changed at least every six months. 

(1) Requirements. 

a) Log-on. Users shall be required to authenticate 
their identities at "log-on" time by supplying their 
authenticator (e.g., password, smart card, or 
fingerprints) in conjunction with their user ID. 

b) Protection of Authenticator. An Authenticator that 
is in the form of knowledge or possession (password, 
smart card, keys) shall not be shared with anyone. 
Authenticators shall be protected at a level 
commensurate with the accreditation level of the 
Classified AIS. 

(2) Additional Authentication Countermeasures. 
Where the operating system provides the capability, 
the following features shall be implemented: 

a) Log-on Attempt Rate. Successive log-on attempts 
shall be controlled by denying access after multiple 
(maximum of five) unsuccessful attempts on the 
same user ID; by limiting the number of access 
attempts in a specified time period; by the use of a 
time delay control system; or other such methods, 
subject to approval by the Customer. 

b) Notification to the User. The user shall be notified 
upon successful log-on of: the date and time of the 
user's last log-on; the ID of the terminal used at last 
log-on; and the number of unsuccessful log-on 
attempts using this user ID since the last successful 
log-on. This notice shall require positive action by 
the user to remove the notice from the screen. 



(g) The audit, identification, and authentication 
mechanisms must be protected from unauthorized 
access, modification, or deletion. 

c. Security Assurances for System High Mode. The 
system security features for need-to-know controls 
will be tested and verified. Identified flaws will be 
corrected. 
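
The log-on controls of 8-202.b.1(c) and (f)(2) (the five-attempt limit, the notice shown after a successful log-on, and audit records that never hold the authenticator) can be sketched as follows. This is an added illustration, not part of the Overprint; the class and field names, the PBKDF2 verifier, the event names, and the sample user and terminal IDs are assumptions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

MAX_FAILED = 5  # 8-202.b.1(f)(2)a: deny access after at most five failed tries


def _derive(password: str, salt: bytes) -> bytes:
    # Assumption: PBKDF2 verifier; the page does not name a storage scheme.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Account:
    salt: bytes
    verifier: bytes
    disabled: bool = False             # cleared only by reactivate()
    consecutive_failures: int = 0      # drives the lockout
    failed_since_success: int = 0      # reported in the log-on notice
    last_logon: Optional[datetime] = None
    last_terminal: Optional[str] = None


class LogonController:
    def __init__(self) -> None:
        self.accounts: Dict[str, Account] = {}
        self.audit: List[dict] = []

    def enroll(self, user_id: str, password: str) -> None:
        salt = os.urandom(16)
        self.accounts[user_id] = Account(salt, _derive(password, salt))

    def _record(self, when: datetime, user_id: str, terminal: str,
                event: str) -> None:
        # Audit fields from 8-202.b.1(c); the authenticator is never written.
        self.audit.append({
            "date": when.date().isoformat(),
            "time": when.time().isoformat(timespec="seconds"),
            "user_id": user_id,
            "terminal_id": terminal,
            "event": event,
        })

    def logon(self, user_id: str, password: str, terminal: str,
              when: datetime) -> Optional[dict]:
        """Return the log-on notice on success, or None when access is denied."""
        acct = self.accounts.get(user_id)
        if acct is None:
            # A password typed into the ID field must not reach the audit
            # trail, so the raw value of an unknown ID is not logged.
            self._record(when, "<unknown>", terminal, "UNSUCCESSFUL_ACCESS")
            return None
        good = hmac.compare_digest(_derive(password, acct.salt), acct.verifier)
        if acct.disabled or not good:
            acct.failed_since_success += 1
            event = "DENIED_DISABLED" if acct.disabled else "UNSUCCESSFUL_ACCESS"
            self._record(when, user_id, terminal, event)
            if not acct.disabled:
                acct.consecutive_failures += 1
                if acct.consecutive_failures >= MAX_FAILED:
                    acct.disabled = True
                    self._record(when, user_id, terminal, "USER_ID_DISABLED")
            return None
        notice = {  # 8-202.b.1(f)(2)b: shown until the user acknowledges it
            "last_logon": acct.last_logon,
            "last_terminal": acct.last_terminal,
            "failed_attempts": acct.failed_since_success,
        }
        acct.consecutive_failures = acct.failed_since_success = 0
        acct.last_logon, acct.last_terminal = when, terminal
        self._record(when, user_id, terminal, "LOGON")
        return notice

    def logoff(self, user_id: str, terminal: str, when: datetime) -> None:
        self._record(when, user_id, terminal, "LOGOFF")

    def reactivate(self, user_id: str, issr_id: str, terminal: str,
                   when: datetime) -> None:
        # Only an explicit administrative action re-enables the user ID.
        acct = self.accounts[user_id]
        acct.disabled = False
        acct.consecutive_failures = 0
        self._record(when, issr_id, terminal, f"USER_ID_REACTIVATED:{user_id}")
```

Attempts made while the user ID is disabled still count toward the number reported in the next notice, so the user sees every try made against the ID since the last successful log-on.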

8-203. Compartmented Security Mode. 

NOTE: Compartmented security 
mode is not normally authorized for 
SAP activities. Exceptions may be 
made by the PSO. 

a. An AIS is operating in the compartmented mode 
when users with direct or indirect access to the AIS, 
its peripherals, or remote terminals have all of the 
following: 

1. A valid personnel clearance for access to the most 
restricted information processed in the AIS. 

2. Formal access approval and have signed 
nondisclosure agreements for that information to 
which he/she is to have access (some users do not 
have formal access approval for all compartments or 
subcompartments processed by the AIS). 

3. A valid need-to-know for that information for 
which he/she is to have access. 

b. Security Features for Compartmented Mode. 

In addition to all Security Features and Security 
Assurances required for the System High Mode of 
Operation, Classified AIS operating in the 
Compartmented Mode of Operation shall also 
include: 

1. Resource Access Controls. 



(a) Security Labels. The Classified AIS shall place 
security labels on all entities (e.g., files) reflecting the 
sensitivity (classification level, classification 
category, and handling caveats) of the information 
for resources and the authorizations (security 
clearances, need-to-know, formal access approvals) 
for users. These labels shall be an integral part of the 
electronic data or media. These security labels shall 
be compared and validated before a user is granted 
access to a resource. 

(b) Export of Security Labels. Security labels 
exported from the Classified AIS shall be accurate 
representations of the corresponding security labels 
on the information in the originating Classified AIS. 

2. Mandatory Access Controls. Mandatory access 
controls shall be provided. These controls shall 
provide a means of restricting access to files based on 
the sensitivity (as represented by the label) of the 
information contained in the files and the formal 
authorization (i.e., security clearance) of users to 
access information of such sensitivity. 

3. No information shall be accessed whose 
compartment is inconsistent with the session log-on. 

4. Support a trusted communications path between 
itself and each user for initial log-on and verification. 

5. Enforce, under system control, a system-generated, 
printed, and human-readable security classification 
level banner at the top and bottom of each physical 
page of system hard-copy output. 

6. Audit these additional events: the routing of all 
system jobs and output, and changes to security 
labels. 

7. Security Level Changes. The system shall 
immediately notify a terminal user of each change in 
the security level associated with that user during an 
interactive session. A user shall be able to query the 
system as desired for a display of the user's complete 
sensitivity label. 

c. Security Assurances for Compartmented Mode. 

1. Confidence in Software Source. In acquiring 
resources to be used as part of a Classified AIS, 
consideration shall be given to the level of 
confidence placed in the vendor to provide a quality 
product, to support the security features of the 
product, and to assist in the correction of any flaws. 

2. Flaw Discovery. The Provider shall ensure the 
vendor has implemented a method for the discovery 
of flaws in the system (hardware, firmware, or 
software) that may have an effect on the security of 
the AIS. 

3. No Read Up, No Write Down. Enforce an upgrade 
or downgrade principle where all users processing 
have a system-maintained classification; no data is 
read that is classified higher than the processing 
session authorized; and no data is written unless its 
security classification level is equal to or lower than 
the user's authorized processing security 
classification and all non-hierarchical categories are 
the same. 

4. Description of the Security Support Structure 
(often referred to as the Trusted Computing Base). 
The protections and provisions of the security support 
structure shall be documented in such a manner to 
show the underlying planning for the security of a 
Classified AIS. The security enforcement 
mechanisms shall be isolated and protected from any 
user or unauthorized process interference or 
modification. Hardware and software features shall 
be provided that can be used to periodically validate 
the correct operation of the elements of the security 
enforcement mechanisms. 

5. Independent Validation and Verification. An 
Independent Validation and Verification team shall 
assist in the technical evaluation testing of a 
classified AIS and shall perform validation and 
verification testing of the system as required by the 
Customer. 

6. Security Label Integrity. The methodology shall 
ensure the following: 

(a) Integrity of the security labels; 

(b) The association of a security label with the 
transmitted data; and 

(c) Enforcement of the control features of the security 
labels. 

7. Detailed Design of security enforcement 
mechanisms. An informal description of the security 
policy model enforced by the system shall be 
available. 
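
The label comparison required by 8-203.b.1 through b.3, together with the read half of c.3, can be sketched as follows. This is an added illustration, not part of the Overprint; the type names, the reason strings, and the compartment names ALPHA and BRAVO are constructed, and need-to-know is modelled as a per-resource list of user IDs.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import FrozenSet, Tuple


class Level(IntEnum):
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


@dataclass(frozen=True)
class Label:
    """Sensitivity label: hierarchical level plus non-hierarchical compartments."""
    level: Level
    compartments: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        return (self.level >= other.level
                and self.compartments >= other.compartments)


@dataclass(frozen=True)
class User:
    user_id: str
    clearance: Level
    access_approvals: FrozenSet[str]   # formal access approvals held


@dataclass(frozen=True)
class Resource:
    name: str
    label: Label
    need_to_know: FrozenSet[str]       # user IDs granted by the object's owner


@dataclass(frozen=True)
class Session:
    user: User
    label: Label


def open_session(user: User, level: Level,
                 compartments: FrozenSet[str]) -> Session:
    """Log a user on at a chosen level and compartment set.

    The session label may never exceed the user's own authorization.
    """
    authorized = Label(user.clearance, user.access_approvals)
    requested = Label(level, frozenset(compartments))
    if not authorized.dominates(requested):
        raise PermissionError(
            f"{user.user_id}: session label exceeds authorization")
    return Session(user, requested)


def check_read(session: Session, res: Resource) -> Tuple[bool, str]:
    """Compare labels before access; return (granted, reason) for auditing."""
    if res.label.level > session.label.level:
        return False, "level above session (no read up)"
    missing = res.label.compartments - session.label.compartments
    if missing:
        return False, "compartment not in session: " + ",".join(sorted(missing))
    if session.user.user_id not in res.need_to_know:
        return False, "no need-to-know"
    return True, "granted"


if __name__ == "__main__":
    # Constructed sample data; compartment names are placeholders.
    jdoe = User("jdoe", Level.TOP_SECRET, frozenset({"ALPHA"}))
    session = open_session(jdoe, Level.SECRET, frozenset({"ALPHA"}))
    samples = [
        Resource("plan.txt", Label(Level.SECRET, frozenset({"ALPHA"})),
                 frozenset({"jdoe"})),
        Resource("brief.txt", Label(Level.TOP_SECRET, frozenset({"ALPHA"})),
                 frozenset({"jdoe"})),
        Resource("joint.txt", Label(Level.SECRET, frozenset({"ALPHA", "BRAVO"})),
                 frozenset({"jdoe"})),
    ]
    for res in samples:
        print(res.name, check_read(session, res))
```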

8-204. Multilevel Security Mode. 

NOTE: Multilevel Security Mode is not routinely authorized 
for SCI or SAP applications. Exceptions for SCI may 
be made by the heads of CIA, DIA, or NSA on a 
case-by-case basis. Exceptions for SAP may be made 
by the Customer. 

a. An AIS is operating in the multilevel mode when 
all of the following statements are satisfied 
concerning the users with direct or indirect access to 
the AIS, its peripherals, remote terminals, or remote 
hosts: 

1. Some users do not have a valid personnel 
clearance for all of the information processed in the 
AIS. (Users must possess a valid CONFIDENTIAL, 
SECRET, or TOP SECRET clearance.) 

2. All users have the proper clearance and have the 
appropriate access approval (i.e., signed 
nondisclosure agreements) for that information to 
which they are intended to have access. 

3. All have a valid need-to-know for that information 
to which they are intended to have access. 

b. Security Features for Multilevel Mode. In 
addition to all security features and security 
assurances required for the compartmented mode of 
operation, classified AIS operating in the multilevel 
mode of operation shall also include: 



1. Audit. Contain a mechanism that is able to monitor 
the occurrence or accumulation of security auditable 
events that may indicate an imminent violation of 
security policy. This mechanism shall be able to 
immediately notify the security administrator when 
thresholds are exceeded and, if the occurrence or 
accumulation of these security relevant events 
continues, the system shall take the least disruptive 
action to terminate the event. 

2. Trusted Path. Support a trusted communication 
path between the AIS and users for use when a 
positive AIS-to-user connection is required (i.e., log-on, 
change subject security level). Communications 
via this trusted path shall be activated exclusively by 
a user or the AIS and shall be logically isolated and 
unmistakably distinguishable from other paths. For 
Restricted Data, this requirement is only applicable to 
multilevel AIS that have at least one uncleared user 
on the AIS. 

3. Support separate operator and administrator 
functions. The functions performed in the role of a 
security administrator shall be identified. The AIS 
system administrative personnel shall only be able to 
perform security administrator functions after taking 
a distinct auditable action to assume the security 
administrative role on the AIS system. Non-security 
functions that can be performed in the security 
administrative role shall be limited strictly to those 
essential to performing the security role effectively. 

4. Security Isolation. The AIS security enforcement 
mechanisms shall maintain a domain for its own 
execution that protects it from external interference 
and tampering (e.g., by reading or modification of its 
code and data structures). The protection of the 
security enforcement mechanisms shall provide 
isolation and noncircumvention of isolation 
functions. For Restricted Data, this requirement is 
only applicable to multilevel AIS that have at least 
one uncleared user on the AIS. 

5. Protection of Authenticator. Authenticators shall 
be protected at the same level as the information they 
access. 

c. Security Assurances for Multilevel Mode. 

1. Flaw Tracking and Remediation. The Provider 
shall ensure the vendor provides evidence that all 
discovered flaws have been tracked and remedied. 

2. Life-Cycle Assurance. The development of the 
Classified AIS hardware, firmware, and software 
shall be under life-cycle control and management 
(i.e., control of the Classified AIS from the earliest 
design stage through decommissioning). 

3. Separation of Functions. The functions of the AIS 
ISSR and the Classified AIS manager shall not be 
performed by the same person. 

4. Device Labels. The methodology shall ensure that 
the originating and destination device labels are a 
part of each message header and enforce the control 
features of the data flow between originator and 
destination. 

5. Security Penetration Testing. In addition to testing 
the performance of the classified AIS for certification 
and for ongoing testing, there shall be testing to 
attempt to penetrate the security countermeasures of 
the system. The test procedures shall be documented 
in the test plan for certification and for ongoing 
testing. 

6. Trusted Recovery. Provide procedures and/or 
mechanisms to assure that, after an AIS system 
failure or other discontinuity, recovery without a 
protection compromise is obtained. 

7. Covert Channels. A covert channel analysis shall 
be performed. 

Section 3. System Access and Operation 



8-300. System Access. Access to the system will 
be limited to authorized personnel. Assignment of 
AIS access and privileges will be coordinated with 
the ISSR. Authentication techniques must be used to 
provide control for information on the system. 
Examples of authentication techniques include, but 
are not limited to: passwords, tokens, biometrics, and 
smart cards. User authentication techniques and 
procedures will be described in the AISSP. 

a. User IDs. User IDs identify users in the system 
and are used in conjunction with other authentication 
techniques to gain access to the system. User IDs will 
be disabled whenever a user no longer has a need-to-know. 
The user ID will be deleted from the system 
only after review of programs and data associated 
with the ID. Disabled accounts will be removed from 
the system as soon as practical. Whenever possible, 
access attempts will be limited to five tries. Users 
who fail to access the system within the established 
limits will be denied access until the user ID is 
reactivated. 

b. Access Authentication. 

1. Password. When used, system log-on passwords 
will be randomly selected and will be at least six 
characters in length. The system log-on password 
generation routine must be approved by the 
Customer. 

Random password generation 
techniques will be used where 
available. When user-generated 
passwords are used, passwords 
must be constructed to resist 
“dictionary”-based attacks. The 
specific structure will be defined in 
the AISSP. 

2. Validation. Authenticators must be validated by 
the system each time the user accesses the AIS. 

3. Display. System log-on passwords must not be 
displayed on any terminal or contained in the audit 
trail. When the AIS cannot prevent a password from 
being displayed (e.g., in a half-duplex connection), 
an overprint mask shall be printed before the 
password is entered to conceal the typed password. 

4. Sharing. Individual user authenticators (e.g., 
passwords) will not be shared by any user. 

5. Password Life. Passwords must be changed at least 
every six months. 

6. Compromise. Immediately following a suspected 
or known compromise of a password or Personal 
Identification Number (PIN) the ISSR will be 
notified and a new password or PIN issued. 

7. Group Log-on Passwords. Use of group log-on 
passwords must be justified and approved by the 
Customer. After log-on, group passwords may be 
used for file access. 

Group log-on passwords will not be 
used as the primary method of 
authentication. 

c. Protection of Authenticators. Master data files 
containing the user population system log-on 
authenticators will be encrypted when practical. 
Access to the files will be limited to the ISSR and 
designated alternate(s), who will be identified in 
writing. 

d. Modems. Modems require Customer approval 
prior to connection to an AIS located in a Customer 
SAPF. 

Unencrypted modems are not 
normally authorized for use in a PSO 
SAPF. Exceptions may be approved 
by the PSO. 

e. User Warning Notice. The Customer may require 
log-on warning banners be installed. When 
technically feasible, the official DoD warning banner 
will be used on all AIS processing special access 
information. 

8-301. System Operation. 

a. Processing initialization is the act of changing the 
AIS from unclassified to classified, from one 
classified processing level to another, or from one 
compartment to another or from one Customer to 
another. To begin processing classified information 
on an approved AIS the following procedures must 
be implemented: 

1. Verify that prior mode termination was properly 
performed. 

The ISSR must develop, implement, 
and monitor procedures that verify 
prior mode termination is properly 
performed in accordance with the 
PSO approved AISSP and that no 
other previously processed data 
remain active on the AIS. 

2. Adjust the area security controls to the level of 
information to be processed. 

3. Configure the AIS as described in the approved 
AISSP. The use of logical disconnects requires 
Customer approval. 

Logical disconnects may be 
approved by the PSO for TS/SAR 
when justified. Requests for use 
must describe the equipment to be 
used and the procedures for use, and 
must describe the maximum possible 
extent of a contamination in the event 
of a failure. Logical disconnects for 
S/SAR and below may be employed, 
provided the procedures for use are 
clearly described in the AISSP. 

4. Initialize the system for processing at the approved 
level of operation with a dedicated copy of the 
operating system. This copy of the operating system 
must be labeled and controlled commensurate with 
the security classification and access levels of the 
information to be processed during the period. 

b. Unattended Processing. Unattended processing 
will have open storage approval and concurrence 
from the customer. Prior to unattended processing, all 
remote input and/or output (I/O) not in approved 
open storage areas will be physically or electrically 
disconnected from the host CPU. The disconnect will 
be made in an area approved for the open storage. 
Exceptions are on a case-by-case basis and will 
require Customer approval. 

c. Processing Termination. Processing termination 
of any AIS will be accomplished according to the 
following requirements. 

1. Peripheral Device Clearing. Power down all 
connected peripheral devices to sanitize all volatile 
buffer memories. Overwriting of these buffer areas 
will be considered by the Customer on a case-by-case 
basis. 

2. Removable Storage Media. Remove and properly 
store removable storage media. 

3. Non-removable (Fixed) Storage Media. Disconnect 
(physically or electrically) all storage devices with 
nonremovable storage media not designated for use 
during the next processing period. 

4. CPU Memory. Clear or sanitize as appropriate all 
internal memory including buffer storage and other 
reusable storage devices (which are not disabled, 
disconnected, or removed) in accordance with Table 
3. 

5. Laser Printers. Unless laser printers operating in 
SAPFs will operate at the same classification level 
with the same access approval levels during the 
subsequent processing period, they will be cleared by 
running three pages of unclassified randomly 
generated text. For SCI, five pages of unclassified 
pages will be run to clear the printer. These pages 
will not include any blank spaces or solid black areas. 
Otherwise, no pages need be run through the printer 
at mode termination. 

6. Thermal printers. Thermal printers have a thermal 
film on a spool and take-up reel. Areas in which these 
types of laser printers are located will be either 
approved for open storage, or the spools and take-up 
reels will be removed and placed in secure storage. 
The printer must be sanitized prior to use at a 
different classification level. 

7. Impact-type Printers. Impact-type printers (e.g., 
dot-matrix) in areas not approved for open storage 
will be secured as follows: Remove and secure all 
printer ribbons or dispose of them as classified trash. 
Inspect all printer platens. If any indication of 
printing is detected on the platen, then the platen will 
be either cleaned to remove such printing or removed 
and secured in an approved classified container. 

8. Adjust area security controls. 

8-302. Collocation of Classified and 
Unclassified AIS. 

a. Customer permission is required before a Provider 
may collocate unclassified AIS and classified AIS. 
This applies when: 

1. The unclassified information is to be processed on 
an AIS located in a SAPF, or 

2. The unclassified information is resident in a 
database located outside of a SAPF but accessed 
from terminals located within the SAPF. 

b. AIS approved for processing unclassified 
information will be clearly marked for 
UNCLASSIFIED USE ONLY when located within a 
SAPF. In addition the following requirements apply: 

Unclassified AIS must be approved 
by the PSO. Procedures for using 
unclassified AISs will be identical to 
those specified in the AISSP for 
classified processing unless they are 
specifically exempted by the PSO. 

1. Must be physically separated from any classified 
AIS. 

2. Cannot be connected to the classified AIS. 

3. Users shall be provided a special awareness 
briefing. 

4. ISSR must document the procedures to ensure the 
protection of classified information. 

5. All unmarked media is assumed to be classified 
until reviewed and verified. 

c. Unclassified portable AIS devices are prohibited 
in a SAPF unless Customer policy specifically 
permits their use. If permitted, the following 
procedures must be understood and followed by the 
owner and user: 

Unclassified portable AIS pose an 
extreme risk and will not be 
introduced into an SAPF unless a 
specific mission requirement exists 
and prior approval is granted by the 
PSO. 

1. Connection of unclassified portable AIS to 
classified AIS is prohibited. 

2. Connection to other unclassified AISs may be 
allowed provided Customer approval is obtained. 

3. Use of an internal or external modem with the AIS 
device is prohibited within the SAPF. 

4. The Provider will incorporate these procedures in 
the owner's initial and annual security briefing. 

5. Procedures for monitoring portable AIS devices 
within the SAPF shall be outlined in either the AISSP 
or the Facility Security Plan. These devices and the 
data contained therein are subject to security 
inspection by the ISSR and the Customer. Procedures 
will include provisions for random reviews of such 
devices to ensure that no classified program-specific 
or program-sensitive data is allowed to leave the 
secure area. Use of such a device to store or process 
classified information may, at the discretion of the 
Customer, result in confiscation of the device. All 
persons using such devices within the secure area 
will be advised of this policy during security 
awareness briefings. 

6. Additionally, where Customer policy permits, 
personally owned portable AIS devices may be used 
for unclassified processing only and must follow the 
previous guidelines. 

Personally owned portable AIS 
devices are prohibited in SAPFs. The 
ISSR will develop a plan for the 
management and control of 
personally owned calculators. 

8-303. System Auditing. 

a. Audit Trails. Audit trails provide a chronological 
record of AIS usage and system support activities 
related to classified or sensitive processing. In 
addition to the audit trails normally required for the 
operation of a stand-alone AIS, audit trails of 
network activities will also be maintained. Audit 
trails will provide records of significant events 
occurring in the AIS in sufficient detail to facilitate 
reconstruction, review, and examination of events 
involving possible compromise. Audit trails will be 
protected from unauthorized access, modification, 
and deletion. Audit trail requirements are described 
under mode of operation. Examples of audit 
logs and records will be attached to 
the AISSP as appendices for 
approval by the PSO. 



b. Additional Records and Logs. The following 
additional records or logs will be maintained by the 
Provider regardless of the mode of operation. These 
will include: 

1. Maintenance and repair of AIS hardware, 
including installation or removal of equipment, 
devices, or components. 

2. Transaction receipts, such as equipment 
sanitization, release records, etc. 

3. Significant AIS changes (e.g., disconnecting or 
connecting remote terminals or devices, AIS 
upgrading or downgrading actions, and applying 
seals to or removing them from equipment or device 
covers). 

c. Audit Reviews. The audit trails, records, and logs 
created during the above activities will be reviewed 
and annotated by the ISSR (or designee) to be sure 
that all pertinent activity is properly recorded and 
appropriate action has been taken to correct 
anomalies. The Customer will be notified of all 
anomalies that have a direct impact on the security 
posture of the system. The review will be conducted 
at least weekly. 

d. Record Retention. The Provider will retain the 
most current 6 to 12 months (Customer Option) of 
records derived from audits at all times. The 
Customer may approve the periodic use of data 
reduction techniques to record security exception 
conditions as a means of reducing the volume of 
audit data retained. Such reduction will not result in 
the loss of any significant audit trail data. 

Audit records will be maintained for 
12 months. Printed copies need not 
be maintained when other storage 
options are available. 

Section 4. Networks 



8-400. Networks. This section addresses 
network-specific requirements that are in addition to 
the previously stated AIS requirements. Network 
operations must preserve the security requirements 
associated with the AIS's mode of operation. 

a. Types of Networks. 

1. A unified network is a collection of AISs or 
network systems that are accredited as a single entity 
by a single CSA. A unified network may be as simple 
as a small LAN operating in dedicated mode, 
following a single security policy, accredited as a 
single entity, and administered by a single ISSR. The 
perimeter of such a network encompasses all its 
hardware, software, and attached devices. Its 
boundary extends to all its users. A unified network 
has a single mode of operation. This mode of 
operation will be mapped to the level of trust required 
and will address the risk of the least trusted user 
obtaining the most sensitive information processed or 
stored on the network. 

2. An interconnected network is comprised of 
separately accredited AISs and/or unified networks. 
Each self-contained AIS maintains its own intra-AIS 
services and controls, protects its own resources, and 
retains its individual accreditation. Each participating 
AIS or unified network has its own ISSR. The 
interconnected network must have a security support 
structure capable of adjudicating the different 
security policy (implementations) of the participating 
AISs or unified networks. An interconnected network 
requires accreditation, which may be as simple as an 
addendum to a Memorandum of Agreement (MOA) 
between the accrediting authorities. 

b. Methods of Interconnection. 

1. Security Support Structure (SSS) is the hardware, 
software, and firmware required to adjudicate 
security policy and implementation differences 
between and among connecting unified networks 
and/or AISs. The SSS must be accredited. The 
following requirements must be satisfied as part of 
the SSS accreditation: 

(a) Document the security policy enforced by the 
SSS. 

(b) Identify a single mode of operation. 

(c) Document the network security architecture and 
design. 

(d) Document minimum contents of MOAs required 
for connection to the SSS. 

2. The interconnection of previously accredited 
systems into an accredited network may require a 
reexamination of the security features and assurances 
of the contributing systems to ensure their 
accreditations remain valid. 

The interconnection of previously- 
accredited systems into an 
accredited network will require a 
reexamination of the AIS security 
features, and an update to the AISSP 
and submission to the PSO for 
approval. 

(a) Once an interconnected network is defined and 
accredited, additional networks or separate AISs 
(separately accredited) may only be connected 
through the accredited SSS. 

(b) The addition of components to contributing 
unified networks which are members of an accredited 
interconnected network are allowed provided these 
additions do not change the accreditation of the 
contributing system. 

c. Network Security Management. The Provider 
will designate an ISSR for each Provider network. 

The ISSR may designate a Network Security 
Manager (NSM) to oversee the security of the 
Provider's network(s), or may assume that 
responsibility. The ISSR is responsible for 
coordinating the establishment and maintenance of a 
formal network security program based on an 
understanding of the overall security-relevant 
policies, objectives, and requirements of the 
Customer. The NSM is responsible for ensuring day- 
to-day compliance with the network security 
requirements as described in the AISSP (as covered 
below) and this Supplement. 

d. Network Security Coordination. When different 
accrediting authorities are involved, a Memorandum 
of Agreement is required to define the cognizant 
authority and the security arrangements that will 
govern the operation of the overall network. When 
two or more ISSRs are designated for a network, a 
lead ISSR will be named by the Provider(s) to ensure 
a comprehensive approach to enforce the Customer's 
overall security policy. 

e. Network Security. 

The AISSP must address: 

1. A description of the network services and 
mechanisms that implement the network security 
policy. 

2. Consistent implementation of security features 
across the network components. 

(a) Identification and Authentication Forwarding. 
Reliable forwarding of the identification shall be used 
between AISs when users are connecting through a 
network. When identification forwarding cannot be 
verified, a request for access from a remote AIS shall 
require authentication before permitting access to the 
system. 

(b) Protection of Authenticator Data. In forwarding 
the authenticator information and any tables (e.g., 
password tables) associated with it, the data shall be 
protected from access by unauthorized users (e.g., 
encryption), and its integrity shall be ensured. 

(c) Description of the network and any external 
connections. 

(d) The network security policy including mode of 
operation, information sensitivities, and user 
clearances. 

(e) Must address the internode transfer of information 
(e.g., sensitivity level, compartmentation, and any 
special access requirements) and how the information 
is protected. 

(f) Communications protocols and their security 
features. 

(g) Audit Trails and Monitoring. 

(1) If required by the mode of operation, the 
network shall be able to create, maintain, and protect 
from modification or unauthorized access or 
destruction an audit trail of successful and 
unsuccessful accesses to the AIS network 
components within the perimeter of the accredited 
network. The audit data shall be protected so that 
access is limited to the ISSR or his/her designee. 

(2) For Restricted Data, methods of continuous on- 
line monitoring of network activities may be included 
in each network operating in the Compartmented 
Security Mode or higher. This monitoring may also 
include real-time notification to the ISSR of any 
system anomalies. 

(3) For Restricted Data networks operating in the 
Compartmented Mode or higher, the Customer may 
require the audit trail to include the changing of the 
configuration of the network (e.g., a component 
leaving the network or rejoining). 

(4) The audit trail records will allow association of 
the network activities with corresponding user audit 
trails and records. 

(5) Provisions shall be made and the procedures 
documented to control the loss of audit data due to 
unavailability of resources. 

(6) For Restricted Data, the Customer may require 
alarm features that automatically terminate the data 
flow in case of a malfunction and then promptly 
notify the ISSR of the anomalous conditions. 

(h) Secure Message Traffic. The communications 
methodology for the network shall ensure the 
detection of errors in traffic across the network links. 

f. Transmission Security. Protected Distribution 
Systems or National Security Agency approved 
encryption methodologies shall be used to protect 
classified information on communication lines that 
leave the SAPF. Protected distribution systems shall 
be either constructed in accordance with the national 
standards or utilize National Security Agency 
approved protected distribution systems. 

g. Records. The Customer may require records be 
maintained of electronic transfers of data between 
automated information systems when those systems 
are not components of the same unified network. 
Such records may include the identity of the sender, 
identity and location of the receiver, date/time of the 
transfer, and description of the data sent. Records are 
retained according to 8-303.d. 

Transaction records will be 
maintained for information 
electronically-transferred between 
different provider facilities or 
between a provider and the PSO 
when the transaction occurs between 
AISs that are not part of the same 
unified network (e.g., stand-alone 
computers with STU III/STE data 
transfer capability). Logs and 
procedures for use will be described 
in the AISSP. Transfer records for 
C/SAP or unclassified information are 
not required. 

Section 5. Software and Data Files 



8-500. Software and Data Files. 

a. Acquisition and Evaluation. ISSR approval will 
be obtained before software or data files may be 
brought into the SAPF. All software must be acquired 
from reputable and/or authorized sources as 
determined by the ISSR. The Provider will check all 
newly acquired software or data files, using the most 
current version and/or available of virus checking 
software and procedures identified in the AISSP to 
improve assurance that the software or data files are 
free from malicious code. 

The PSO will be notified of additions 
or changes to the software listed in 
the AISSP. Updated versions of the 
AISSP will reflect these changes. The 
ISSR will implement a procedure to 
ensure that all software introduced 
into the SAPF will be controlled and 
reviewed before use. 

b. Protection. Media that may be written to (e.g., 
magnetic media) must be safeguarded commensurate 
with the level of accreditation of the dedicated or 
system high AIS. Media on compartmented or multi- 
level AISs will be protected commensurate with the 
level of the operating session. If a physical write- 
protect mechanism is utilized, media may be 
introduced to the AIS and subsequently removed 
without changing the original classification. The 
integrity of the write-protection mechanism must be 
verified at a minimum of once per day by attempting 
to write to the media. Media which cannot be 
changed (e.g., CD read-only media) may be loaded 
onto the classified system without labeling or 
classifying it provided it is immediately removed 
from the secure area. If this media is to be retained in 
the secure area, it must be labeled, controlled, and 
stored as unclassified media as required by the Customer. 



The ISSR will develop and implement 
specialized procedures for 
controlling magnetic media such as 
vendor software. The procedures will 
address storage, marking, 
classification, unauthorized copying, 
creation of working disks, etc., and 
be included in the AISSP. 

1. System Software. Provider personnel who are 
responsible for implementing modifications to system 
or security-related software or data files on classified 
AISs inside the SAPF will be appropriately cleared. 
Software that contains security related functions (e.g., 
sanitization, access control, auditing) will be 
validated to confirm that security-related features are 
fully functional, protected from modification, and 
effective. 

2. Application Software. Application software or data 
files (e.g., general business software), that will be 
used by a Provider during classified processing, may 
be developed/modified by personnel outside the 
security area without the requisite security clearance 
with the concurrence of the Customer. 

3. Releasing Software. Software that has not been 
used on an AIS processing classified information 
may be returned to a vendor. If media containing 
software (e.g., applications) are used on a classified 
system and found to be defective, such media may 
not be removed from a SAPF for return to a vendor. 
When possible, software will be tested prior to its 
introduction into the secure facility. 

Vendor software acquired before 
implementation of a control program 
as described in paragraph 8-500b will 
not be released until a 100-percent 
review of the media is accomplished. 

c. Targetability. For SCI and SAP the software, 
whether obtained from sources outside the facility or 
developed by Provider personnel, must be 
safeguarded to protect its integrity from the time of 
acquisition or development through its life cycle at 
the Provider's facility (i.e., design, development, 
operational, and maintenance phases). Uncleared 
personnel will not have any knowledge that the 
software or data files will be used in a classified area, 
although this may not be possible in all cases. Before 
software or data files that are developed or modified 
by uncleared personnel can be used in a classified 
processing period, it must be reviewed by 
appropriately cleared and knowledgeable personnel 
to ensure that no security vulnerabilities or malicious 
code exists. Configuration management must be in 
place to ensure that the integrity of the software or 
data files is maintained. 

d. Maintenance Software. Software used for 
maintenance or diagnostics will be maintained within 
the secure computing facility and, even though 
unclassified, will be separately controlled. The 
AISSP will detail the procedures to be used. 

Vendor-supplied maintenance 
software is a special category of 
software that requires additional 
protections. After it is introduced into 
a SAPF, this type of software will not 
be released. Handling procedures, 
such as use of classified working 
copies and write-protection features, 
will be developed by the ISSR and 
approved by PSO. 

e. Remote Diagnostics. Customer approval will be 
obtained prior to using vendor-supplied remote 
diagnostic links for on-line use of diagnostic 
software. The AISSP will detail the procedures to be 
used. 

8-501. Data Storage Media. Data storage 
media will be controlled and labeled at the 
appropriate classification level and access controls of 
the AIS unless write-protected in accordance with 
8-500.b. Open storage approval will be required for 
non-removable media. 



The ISSR must develop and 
implement procedures for the control 
of data storage media that 
demonstrate a reasonable capability 
to protect the PSO’s data from loss, 
alteration, or unauthorized 
disclosure. Given the ease and speed 
with which classified information can 
be copied to unclassified or 
unmarked media, these procedures 
must encompass all magnetic media 
in the SAPF. The procedures will be 
described in the AISSP. 

a. Labeling Media. All data storage media will be 
labeled in human-readable form to indicate its 
classification level, access controls (if applicable), 
and other identifying information. Data storage media 
that is to be used solely for unclassified processing 
and collocated with classified media will be marked 
as UNCLASSIFIED. Color coding (i.e., media, 
labels) is recommended. If required by the Customer, 
all removable media will be labeled with a 
classification label immediately after removing it 
from its factory-sealed container. 

Identifying information will include 
data that can identify the individual 
responsible for the media. 

Removable media will be labeled on 
removal from the factory-sealed 
container. 

b. Reclassification. When the classification of the 
media increases to a higher level, replace the 
classification label with a higher classification-level 
label. The label will reflect the highest classification 
level, and access controls (if applicable) of any 
information ever stored or processed on the AIS 
unless the media is write-protected by a 
Customer-approved mechanism. Media may never be 
downgraded in classification without the Customer's 
written approval. 

Flexible magnetic media will normally 
be destroyed instead of being 
downgraded or declassified. The PSO 
will evaluate requests on a case-by-case 
basis. 

c. Copying Unclassified Information from a 
Classified AIS. 

1. The unclassified data will be written to factory 
fresh or verified unclassified media using approved 
copying routines and/or utilities and/or procedures as 
stated in the AISSP. For SCI and SAP, media to be 
released will be verified by reviewing all data on the 
media including embedded text (e.g., headers and 
footers). Data on media that is not in human readable 
form (e.g., imbedded graphs, sound, video) will be 
examined for content with the appropriate software 
applications. Data that cannot be reasonably observed 
in its entirety will be inspected by reviewing random 
samples of the data on the media. 

2. Moving Classified Data Storage Media Between 
Approved Areas. The ISSR will establish procedures 
to ensure that data will be written to factory-fresh or 
sanitized media. The media will be reviewed to 
ensure that only the data intended was actually 
written and that it is appropriately classified and 
labeled. Alternatives for special circumstances may 
be approved by the Customer. All procedures will be 
documented in the AISSP. 

d. Overwriting, Degaussing, Sanitizing, and 
Destroying Media. Cleared and sanitized media may 
be reused within the same classification level (i.e., 
TS-TS) or to a higher level (i.e., SECRET-TS). 
Sanitized media may be downgraded or declassified 
with the Customer's approval. Only approved 
equipment and software may be used to overwrite 
and degauss magnetic media containing classified 
information. Each action or procedure taken to 
overwrite or degauss such media will be verified. 
Magnetic storage media that malfunctions or contains 
features that inhibit overwriting or degaussing will be 
reported to the ISSR, who will coordinate repair or 
destruction with the Customer. (See Table 2.) 

Caution: Overwriting, degaussing, and 
sanitizing are not synonymous with 
declassification. Declassification is a separate 
administrative function. Procedures for 
declassifying media require Customer 
approval. 

The sanitization, declassification, and 
release of media used to process 
program information may only be 
authorized on a case-by-case basis 
by the PSO and GPM. Various risk 
factors, such as the sensitivity and 
volume of the data, will be evaluated. 
If the PSO and GPM determine the 
information contained on the media 
is, or was, too sensitive to risk any 
possibility of exposure to 
unauthorized personnel, the media in 
question will be retained under SAP 
classification control or destroyed. 
Only customer-approved equipment 
and software may be used to 
overwrite and degauss magnetic 
media. These products will be tested 
to assure correct operation before 
each use, either by inspection or by 
built-in test devices. These products 
will be operated in accordance with 
the operating manual supplied by the 
manufacturer. 

1. Overwriting Media. Overwriting is a software 
procedure that replaces the data previously stored on 
magnetic storage media with a predefined set of 
meaningless data. Overwriting is an acceptable 
method for clearing. Only approved overwriting 
software that is compatible with the specific 
hardware intended for overwriting will be used. Use 
of such software will be coordinated in advance with 
the Customer. The success of the overwrite procedure 
will be verified through random sampling of the 
overwritten media. The effectiveness of the overwrite 
procedure may be reduced by several factors: 
ineffectiveness of the overwrite procedures, 
equipment failure (e.g., misalignment of read/write 
heads), or inability to overwrite bad sectors or tracks 
or information in inter-record gaps. To clear 
magnetic disks, overwrite all locations three (3) times 
(first time with a character, second time with its 
complement, and the third time with a random 
character). Items which have been cleared must 
remain at the previous level of classification and 
remain in a secure, controlled environment. 
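
Added example (not part of the Manual or the Overprint, and not approved overwriting software): the three-pass overwrite with read-back verification described in paragraph 1 above and in Table 2, method c, shown in Python against a file-backed image that stands in for a magnetic disk. The 512-byte sector size, the function names, and the sample image contents are assumptions made for the example.

```python
import os
import random
import tempfile

SECTOR = 512  # assumed sector size for the stand-in image


def media_size(f):
    """Size in bytes, found by seeking to the end of the open image."""
    return f.seek(0, os.SEEK_END)


def fill(f, byte):
    """Overwrite every location with one byte value and flush it out."""
    size = media_size(f)
    f.seek(0)
    chunk = bytes([byte]) * (SECTOR * 128)
    written = 0
    while written < size:
        written += f.write(chunk[: size - written])
    os.fsync(f.fileno())


def verify(f, byte, samples=None, rng=None):
    """Return the sector numbers that do not hold `byte` in every location.

    samples=None reads every sector (the check in Table 2, method c).
    An integer reads that many randomly chosen sectors (the random-sampling
    check for clearing); a sampled check can miss isolated residue.
    Caveat: the OS may serve these reads from its cache, not the medium.
    """
    size = media_size(f)
    sectors = range((size + SECTOR - 1) // SECTOR)
    if samples is not None and samples < len(sectors):
        rng = rng or random.SystemRandom()
        sectors = sorted(rng.sample(sectors, samples))
    bad = []
    for s in sectors:
        f.seek(s * SECTOR)
        n = min(SECTOR, size - s * SECTOR)  # last sector may be short
        if f.read(n) != bytes([byte]) * n:  # a short read also counts as bad
            bad.append(s)
    return bad


def clear_media(path, char=0x55, samples=64, rng=None):
    """Three passes: a character, its complement, then a random character.

    Each pass is verified by sampling before the next begins. The run stops
    at the first pass with a failed sector so the failure can be reported.
    """
    rng = rng or random.SystemRandom()
    passes = [
        ("character", char),
        ("complement", char ^ 0xFF),
        ("random character", rng.randrange(256)),
    ]
    report = []
    with open(path, "r+b", buffering=0) as f:
        for name, byte in passes:
            fill(f, byte)
            bad = verify(f, byte, samples, rng)
            report.append({"pass": name, "byte": byte, "bad_sectors": bad})
            if bad:
                break
    return report


def demo():
    """Clear a constructed image, then show a full check finding residue."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "disk.img")
        with open(path, "wb") as f:
            f.write(b"CONSTRUCTED SAMPLE DATA " * 43691)  # constructed content
        passes = clear_media(path, samples=32)
        last = passes[-1]["byte"]
        with open(path, "r+b", buffering=0) as f:
            # Simulate a sector the overwrite did not reach (e.g. a bad sector).
            f.seek(700 * SECTOR)
            f.write(bytes([last ^ 0xFF]) * 7)
            residue = verify(f, last)  # full check, every sector
    return {"passes": passes, "residue_found_in": residue}


if __name__ == "__main__":
    print(demo())
```
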

2. Degaussing Media. Degaussing (i.e., 
demagnetizing) is a procedure that reduces the 
magnetic flux to virtual zero by applying a reverse 
magnetizing field. Properly applied, degaussing 
renders any previously stored data on magnetic media 
unreadable and may be used in the sanitization 
process. Degaussing is more reliable than overwriting 
magnetic media. Magnetic media are divided into 
three types. Type I degaussers are used to degauss 
Type I magnetic media (i.e., media whose coercivity 
is no greater than 350 Oersteds (Oe)). Type II 
degaussers are used to degauss Type II magnetic 
media (i.e., media whose coercivity is no greater than 
750 Oe). Currently there are no degaussers that can 
effectively degauss all Type III magnetic media (i.e., 
media whose coercivity is over 750 Oe). Some 
degaussers are rated above 750 Oersteds and their 
specific approved rating will be determined prior to 
use. Coercivity of magnetic media defines the 
magnetic field necessary to reduce a magnetically 
saturated material's magnetization to zero. The 
correct use of degaussing products improves 
assurance that classified data is no longer retrievable 
and that inadvertent disclosure will not occur. Refer 
to the current issue of NSA's Information Systems 
Security Products and Services Catalogue 
(Degausser Products List Section) for the 
identification of degaussers acceptable for the 
procedures specified herein. These products will be 
periodically tested to ensure continued compliance 
with the specification NSA CSS Media 
Declassification and Destruction Manual NSA 130-2. 

3. Sanitizing Media. Sanitization removes 
information from media such that data recovery using 
any known technique or analysis is prevented. 
Sanitizing is a two-step process that includes 
removing data from the media in accordance with 
Table 3 and removing all classified labels, markings, 
and activity logs. 

4. Destroying Media. Data storage media will be 
destroyed in accordance with Customer-approved 
methods. 



5. Releasing Media. Releasing sensitive or classified 
Customer data storage media is a three-step process. 
First, the Provider will sanitize the media and verify 
the sanitization in accordance with procedures in this 
chapter. Second, the media will be administratively 
downgraded or declassified either by the CSA or the 
ISSR, if such authority has been granted to the ISSR. 
Third, the sanitization process, downgrading or 
declassification, and the approval to release the 
media will be documented. 

Table 2 

Clearing and Sanitization Data Storage 

Type Media                          Clear         Sanitize 

(a) Magnetic Tape 
    Type I                          a or b        a, b, or destroy 
    Type II                         a or b        b or destroy 
    Type III                        a or b        Destroy 

(b) Magnetic Disk Packs 
    Type I                                        a, b, or c 
    Type II                                       b or c 
    Type III                                      Destroy 

(c) Magnetic Disk Packs 
    Floppies                        a, b, or c    Destroy 
    Bernoulli's                     a, b, or c    Destroy 
    Removable Hard Disks            a, b, or c    a, b, c, or destroy 
    Non-Removable Hard Disks        c             a, b, c, or destroy 

(d) Optical Disk 
    Read Only                                     Destroy 
    Write Once, Read Many (Worm)                  Destroy 
    Read Many, Write Many           c             Destroy 


These procedures will be performed by or as directed by the ISSR. 

a. Degauss with a Type I degausser 

b. Degauss with a Type II degausser 

c. Overwrite all locations with a character, its complement, then with a random character. Verify that all sectors 
have been overwritten and that no new bad sectors have occurred. If new bad sectors have occurred during classified 
processing, this disk must be sanitized by method a or b described above. Use of the overwrite for sanitization must 
be approved by the Customer. 



NOTE: For hand-held devices (e.g., calculators or personal directories), sanitization is dependent upon the type and 
model of the device. If there is any question about the correct sanitization procedure, contact the manufacturer or the 
Customer. In general, sanitization is accomplished as follows: Depress the "CLEAR ENTRY" and the "CLEAR 
MEMORY" buttons, remove the battery for several hours, and remove all associated magnetic media and retain it in 
the SAPF or destroy. In some models there are special-purpose memories and key-numbered memories, as well as 
"register stacks." Caution will be taken to clear all such memories and registers. This may take several key-strokes 
and may require the use of the operator's manual. Test the hand held device to ensure that all data has been removed. 
If there is any question, the device will remain in the SAPF or be destroyed. 

Table 3 

Sanitizing AIS Components 

TYPE                                        PROCEDURE 

Magnetic Bubble Memory                      a, b, or c 
Magnetic Core Memory                        a, b, or d 
Magnetic Plated Wire                        d or e 
Magnetic-Resistive Memory                   Destroy 

Solid State Memory Components 

Random Access Memory (RAM) (Volatile)       f, then j 
Nonvolatile RAM (NOVRAM)                    l 
Read Only Memory (ROM)                      Destroy (see k) 
Programmable ROM (PROM)                     Destroy (see k) 
Erasable Programmable ROM (EPROM)           g, then d and j 
Electronically Alterable PROM (EAPROM)      h, then d and j 
Electronically Erasable PROM (EEPROM)       i, then d and j 
Flash EPROM (FEPROM)                        i, then d and j 

These procedures will be performed by or as directed by the ISSR. 

a. Degauss with a Type I degausser. 

b. Degauss with a Type II degausser. 

c. Overwrite all locations with any character. 

d. Overwrite all locations with a character, its complement, then with a random character. 

e. Each overwrite will reside in memory for a period longer than the classified data resided. 

f. Remove all power, including batteries and capacitor power supplies, from RAM circuit board. 

g. Perform an ultraviolet erase according to manufacturer's recommendation, but increase time requirements by a factor 
of 3. 

h. Pulse all gates. 

i. Perform a full chip erase. (See Manufacturer's data sheet.) 

j. Check with Customer to see if additional procedures are required. 

k. Destruction required only if ROM contained a classified algorithm or classified data. 

l. Some NOVRAM are backed up by a battery or capacitor power source; removal of this source is sufficient for release 
following item f procedures. Other NOVRAM are backed up by EEPROM which requires application of the procedures 
for EEPROM (i.e., i, then d and j). 

Section 6. AIS Acquisition, Maintenance, and Release 



8-600. AIS Acquisition, Maintenance, and 
Release. 

a. Acquisition. AISs and AIS components that will 
process classified information will be protected 
during the procurement process from direct 
association with the Customer's program. When 
required by the Customer, protective packaging 
methods and procedures will be used while such 
equipment is in transit to protect against disclosure of 
classified relationships that may exist between the 
Customer and the Provider. 

b. Maintenance Policy. The Provider will discuss 
maintenance requirements with the vendor before 
signing a maintenance contract. The Customer may 
require that AISs and AIS components used for 
processing Customer information will be protected 
during maintenance from direct association with the 
Customer's program. 

1. Cleared maintenance personnel are those who have 
a valid security clearance and access approvals 
commensurate with the information being processed. 
Complete sanitization of the AIS is not required 
during maintenance by cleared personnel, but need- 
to-know will be enforced. However, an appropriately 
cleared Provider individual will be present within the 
SAPF while a vendor performs maintenance to 
ensure that proper security procedures are being 
followed. Maintenance personnel without the proper 
access authorization and security clearance will 
always be accompanied by an individual with proper 
security clearance and access authorization and never 
left alone in a SAPF. The escort shall be approved by 
the ISSR and be technically knowledgeable of the 
AIS to be repaired. 

2. Prior to maintenance by a person requiring escort, 
either the device under maintenance shall be 
physically disconnected from the classified AIS (and 
sanitized before and after maintenance) or the entire 
AIS shall be sanitized before and after maintenance. 
When a system failure prevents clearing of the 
system prior to maintenance by escorted maintenance 
personnel, Customer-approved procedures will be 
enforced to deny the escorted maintenance personnel 
visual and electronic access to any classified data that 
may be contained on the system. 

3. All maintenance and diagnostics should be 
performed in the Provider's secure facility. Any AIS 
component or equipment released from secure 
control for any reason may not be returned to the 
SAPF without the approval of the ISSR. The 
Customer may require that a permanent set of 
procedures be in place for the release and return of 
components. These procedures will be incorporated 
into the AISSP. 

The AISSP will include procedures 
for the release and return of AIS 
components. 

c. Maintenance Materials and Methods. 

1. Unclassified Copy of Operating System. A 
separate, unclassified, dedicated for maintenance 
copy of the operating system (i.e., a specific copy 
other than the copy(s) used in processing Customer 
information), including any micro-coded floppy disks 
or cassettes that are integral to the operating system, 
will be used whenever maintenance is done by 
uncleared personnel. This copy will be labeled 
"UNCLASSIFIED-FOR MAINTENANCE USE 
ONLY." Procedures for an AIS using a 
nonremovable storage device on which the operating 
system is resident will be considered by the Customer 
on a case-by-case basis. 

Maintenance software for systems 
with fixed disks or other devices that 
make sanitizing unfeasible will be 
classified at the level of the system 
and brought into control. 

2. Vendor-supplied Software and/or Firmware. 
Vendor-supplied software and/or firmware used for 
maintenance or diagnostics will be maintained within 
the secure computing facility and stored and 
controlled as though classified. If permitted by the 
Customer, the ISSR may allow, on a case-by-case 
basis, the release of certain types of costly magnetic 
media for maintenance such as disk head-alignment 
packs. 

3. Maintenance Equipment and Components. All 
tools, diagnostic equipment, and other devices carried 
by the vendor to the Provider's facility will be 
controlled as follows: 

(a) Tool boxes and materials belonging to a vendor 
representative will be inspected by the assigned 
escort before the vendor representative is permitted to 
enter the secure area. 

(b) The ISSR will inspect any maintenance hardware 
(such as a data scope) and make a best technical 
assessment that the hardware cannot access classified 
data. The equipment will not be allowed in the secure 
area without the approval of the ISSR. 

(c) Maintenance personnel may bring kits containing 
component boards into the secure facility for the 
purpose of swapping out component boards that may 
be faulty. Any component board placed into an 
unsanitized AIS will remain in the security facility 
until proper release procedures are completed. Any 
component board that remains in the kit and is not 
placed in the AIS may be released from the secure 
facility. 

(d) Any communication devices with transmit 
capability belonging to the vendor representative or 
any data storage media not required for the 
maintenance visit will be retained outside the SAPF 
for return to the vendor representative upon departure 
from the secure area. 

4. Remote Diagnostic Links. Remote diagnostic links 
require Customer approval. Permission for the 
installation and use of remote diagnostic links will be 
requested in advance and in writing. The detailed 
procedures for controlling the use of such a link or 
links will have the written approval of the Customer 
prior to implementation. 

d. Release of Memory Components and Boards. 

Prior to the release of any component from an area 
used to process or store Customer information, the 
following requirements will be met in respect to 
coordination, documentation, and written approval. 
This section applies only to components identified by 
the vendor or other technically knowledgeable 
individual as having the capability of retaining user 
addressable data and does not apply to other items 
(e.g., cabinets, covers, electrical components not 
associated with data), which may be released without 
reservation. For the purposes of this document, a 
memory component is considered to be the Lowest 
Replaceable Unit (LRU) in a hardware device. 
Memory components reside on boards, modules, and 
sub-assemblies. A board can be a module or may 
consist of several modules and subassemblies. Unlike 
media sanitization, clearing may be an acceptable 
method of sanitizing components for release (see 
8-501, Table 3). Memory components are specifically 
handled as either volatile or nonvolatile as described 
below. 

1. Volatile Memory Components. Memory 
components that do not retain data after removal of 
all electrical power sources, and when reinserted into 
a similarly configured AIS do not contain residual 
data, are considered volatile memory components. 
Volatile components may be released only after 
accomplishing the following steps: 

(a) Maintain a record of the equipment release 
indicating that all component memory is volatile and 
that no data remains in/on the component when 
power is removed. 

(b) Equipment release procedures must be developed 
by the ISSR and stated in the AISSP. 

2. Nonvolatile Memory Components. Memory 
components that do retain data when all power 
sources are disconnected are nonvolatile memory 
components. Nonvolatile memory components 
defined as read only memory (ROM), programmable 
ROM (PROM), or erasable PROM (EPROM) that 
have been programmed at the vendor's commercial 
manufacturing facility are considered to be 
unalterable in the field and may be released. 
Customized components of this nature that have been 
programmed with a classified algorithm or classified 
data will be destroyed. All other nonvolatile 
components may be released after successful 
completion of the procedures outlined in 8-501, 
Table 3. Failure to accomplish these procedures will 
require the ISSR to coordinate with the Customer for 
a determination of releasability. Nonvolatile 
components shall be released only after 
accomplishing the following steps: 

(a) Maintain a record of the equipment release 
indicating the procedure used for sanitizing the 
component, who performed the sanitization, and who 
it was released to. 

(b) Equipment release procedures must be developed 
by the ISSR and stated in the AISSP. The record will 
be retained for 12 months. 

All nonvolatile memory components 
will require the ISSR to coordinate 
with the PSO in advance to determine 
the releasability. 

3. Inspecting AIS Equipment. All AIS equipment 
designated for release will be inspected by the ISSR. 
This review will ensure that all media including 
internal disks have been removed. 



8-601. Test Equipment. The Provider will 
determine the capability of individual test 
instruments to collect and process information. If 
necessary, the manufacturer will be asked to provide 
this information. A description of the capabilities of 
individual test equipment will be provided to the 
Customer. Security requirements are based on 
concerns about the capability of the equipment to 
retain sensitive or classified data. Test equipment 
with nonvolatile fixed or removable storage media 
will comply with the requirements of this Supplement 
and be approved by the Customer for introduction 
and use in the SAPF. Test equipment with no data 
retention and no secondary storage does not require 
Customer approval. 

Section 7. Documentation and Training 



8-700. Documentation and Training. 

a. Provider Documentation. The Provider will 
develop, publish, and promulgate a corporate AIS 
security policy, which will be maintained on file by 
the ISSR. 

b. Security Documentation. The Provider will 
develop and maintain security-related documentation, 
which is subject to review by the Customer as 
follows: 

1. AISSP. Prepare and submit to the Customer for 
approval an AISSP in accordance with Customer 
guidance that covers each AIS which will process 
information for the Customer. This plan will 
appropriately reference all other applicable Provider 
security documentation. In many cases, an AISSP 
will include information that should not be provided 
to the general user population. In these cases, a 
separate user security guide will be prepared to 
include only the security procedures required by the 
users. 

2. Physical Security Accreditation. Maintain on file 
the physical security accreditation documentation that 
identifies the date(s) of accreditation, and 
classification level(s) for the system device locations 
identified in the AISSP, and any open storage 
approvals. 

3. Processing Approval. Maintain on file the 
Customer's processing approval (i.e., interim 
approval or accreditation) that specifies the date of 
approval, system, system location, mode of 
operation, and classification level for which the AIS 
is approved. 

4. Memorandum of Agreement. Maintain on 
file a formal memorandum of agreement signed by 
all Customers having data concurrently processed by 
an AIS or attached to the network. 

5. AIS Technical Evaluation Test Plan. As a 
prerequisite to processing in the compartmented or 
multilevel mode, develop and submit a technical 
evaluation test plan to the Customer for approval. 

The technical evaluation test plan will provide a 
detailed description of how the implementation of the 
operating system software, data management system 
software, and related security software packages will 
enable the AIS to meet the compartmented or 
multilevel mode requirements stated herein. The test 
plan will also outline the test procedures proposed to 
demonstrate this compliance. The results of the test 
will be maintained for the life of the system. 

6. Certification Report. The Certification Report will 
be maintained for the life of the system. 

c. System User Training and Awareness. All AIS 
users, custodians, maintenance personnel, and others 
whose work is associated with the Customer will be 
briefed on their security responsibilities. These 
briefings will be conducted by the Provider. Each 
individual receiving the briefing will sign an 
agreement to abide by the security requirements 
specified in the AISSP and any additional 
requirements initiated by the Customer. This security 
awareness training will be provided prior to the 
individual being granted access to the classified AIS 
and at least annually thereafter. The awareness 
training will cover the following items and others as 
applicable: 

1. The security classifications and compartments 
accessible to the user and the protection 
responsibilities for each. If the user is a privileged 
user, discuss additional responsibilities 
commensurate with those privileges; 

2. Requirements for controlling access to AISs (e.g., 
user IDs, passwords and password security, the 
need-to-know principle, and protecting terminal screens 
and printer output from unauthorized access); 

3. Methods of securing unattended AISs such as 
checking print routes, logging off the host system or 
network, and turning the AIS off; 

4. Techniques for securing printers such as removing 
latent images from laser drums, cleaning platens, and 
locking up ribbons; 

5. Caution against the use of government-sponsored 
computer resources for unauthorized applications; 

6. The method of reporting security-related incidents 
such as misuse, violations of system security, 
unprotected media, improper labeling, network data 
spillage, etc.; 

7. Media labeling, including classification labels, 
data-descriptor labels, placement of labels on media, 
and maintenance of label integrity; 

8. Secure methods of copying and verifying media; 

9. Methods of safeguarding media, including write 
protection, removal from unattended AISs, and 
storage; 

10. Methods of safeguarding hard-copy output, 
including marking, protection during printing, and 
storage; 

11. Policy on the removal of media; 

12. Methods of clearing and sanitizing media; 

13. Procedures for destroying and disposing of 
media, printer ribbons, and AIS circuit boards and 
security aspects of disposing of AISs; 

14. Methods of avoiding viruses and other malicious 
code including authorized methods of acquiring 
software, examining systems regularly, controlling 
software and media, and planning for emergencies. 
Discuss the use of recommended software to protect 
against viruses and steps to be taken when a virus is 
suspected; 

15. AIS maintenance procedures including the steps 
to be taken prior to AIS maintenance and the user's 
point-of-contact for AIS maintenance matters; 

16. Any special security requirements with respect to 
the user's AIS environment including connections to 
other AIS equipment or networks; 

17. The use of personally owned electronic devices 
within the SAPF; 

18. Any other items needed to be covered for the 
specific Customer's program. 

The ISSR will maintain a record of 
topics presented and names of 
personnel receiving the training. 

Chapter 9 
Restricted Data 

Section 1. Introduction 



9-100. General. This chapter of the NISPOMSUP 
addresses those supplemental security requirements 
for SECRET Restricted Data (SRD) and TOP 
SECRET Restricted Data (TSRD) information which 
have been identified as being sufficiently sensitive to 
necessitate security standards above and beyond 
those mandated by the NISPOM baseline document. 
Hereafter these are referred to as Critical SRD or 
TSRD. CONFIDENTIAL RD and all classification 
levels of Formerly Restricted Data shall be protected 
in accordance with the requirements in the 
NISPOM baseline document. In addition to those 
requirements in Chapter 9 of the NISPOM, this 
chapter prescribes the supplemental requirements for 
the protection of Critical SRD and TSRD 
information. Neither the NISPOM nor the 
NISPOMSUP are to be construed to apply to the 
safeguarding requirements for Special Nuclear 
Material, Nuclear Explosive Like Assemblies, or 
Nuclear Weapons. 

SAPs that use Critical Secret/RD/FRD 
and Top Secret/RD/FRD material will 
protect those data in accordance with 
this chapter and any MOA or MOU 
established with the RD/FRD- 
cognizant security agency. 

9-101. Requirements. Under the authority of the 
Atomic Energy Act of 1954, the Secretary of Energy, 
using his/her authority over Restricted Data, may 
issue orders, guides, and manuals concerning 
protection of Restricted Data. These issuances serve 
as the basis for government-wide implementation 
procedures. However, these procedures of other 
agencies have not been endorsed by DOE. As a result 
of changes in the world situation, these policy 
issuances are currently under review by the Joint 
DOE/DOD Nuclear Weapons Information Access 
Authorization Review Group. Until the Review 
Group's recommendations are approved as policy by 
the Secretary of Energy, DOD contractors will 
continue to protect Critical SRD and TSRD in 
accordance with established contractual provisions. A 
revision of this chapter will be developed and 
promulgated following the results of the Joint 
DOE/DOD Nuclear Weapons Information Access 
Authorization Review Group. Nothing in this 
paragraph alters or abridges the authority of the 
Secretary of Energy under the Atomic Energy Act of 
1954, as amended. DOD contracts awarded in the 
interim period dealing with the physics of nuclear 
weapons design, as specified in 9-101.a through 
9-101.i, will be reviewed by technically qualified 
representatives to determine if the contract involves 
the above specified Critical SRD or TSRD 
information. If so, this chapter's requirements will 
be included in the contractual document. DOE 
technical experts will be available to provide advice 
and assistance upon request by contracting agency 
representative. Should the results of the Joint 
DOE/DOD Nuclear Weapons Information Access 
Authorization Review Group modify the information 
specified in 9-101.a through 9-101.i, the affected 
contracts may be amended. For DOE contractors, 
Restricted Data will continue to be protected in 
accordance with the Department of Energy's 5600 
series Safeguards and Security orders until the 
Review Group's recommendations are approved as 
policy by the Secretary of Energy and this chapter is 
revised to conform to the new policy. 

a. Theory of operation (hydrodynamic and nuclear) 
or completed design of thermonuclear weapons or 
their unique components. This definition includes 
specific information about the relative placement of 
components and their functions with regard to 
initiating and sustaining the thermonuclear reaction. 

b. Theory of operation or complete design of fission 
weapons or their unique components. This definition 
includes the high explosive system with its detonators 
and firing unit, pit system, and nuclear initiating 
system as they pertain to weapon design and theory. 

c. Manufacturing and utilization information which 
reveals the theory of operation or design of the 
physics package. 

d. Information concerning inertial confinement 
fusion which reveals or is indicative of weapon data. 

e. Complete theory of operation, complete or partial 
design information revealing sensitive design features 
or information on energy conversion of a nuclear 
directed energy weapon. Sensitive information 
includes but is not limited to the nuclear energy 
converter, energy director, or other nuclear directed 
energy system or components outside the envelope of 
the nuclear source but within the envelope of the 
nuclear directed energy weapon. 

f. Manufacturing and utilization information and 
output characteristics for nuclear energy converters, 
directors, or other nuclear directed energy weapon 
systems or components outside the envelope of the 
nuclear source and which do not comprehensively 
reveal the theory of operation, sensitive design 
features of the nuclear directed energy weapon or 
how the energy conversion takes place. 

g. Nuclear weapon vulnerability assessment 
information concerning use control systems that 
reveals an exploitable design feature, or an 
exploitable system weakness or deficiency, which 
could be expected to permit the unauthorized use or 
detonation of a nuclear weapon. 

h. Detailed design and functioning information of 
nuclear weapon use control systems and their 
components. Includes actual hardware and drawings 
that reveal design or theory of operation. This also 
includes use control information for passive and 
active systems as well as for disablement systems. 

i. Access to specific categories of noise and quieting 
information, fuel manufacturing technology and 
broad policy or program direction associated with 
Naval Nuclear Propulsion Plants as approved by the 
Naval Nuclear Propulsion Program CSA. 

9-102. 

a. Contractors shall establish protective measures 
for the safeguarding of Critical SRD and TSRD in 
accordance with the requirements of this chapter. 
Where these requirements are not appropriate for 
protecting specific types or forms of material, 
compensatory provisions shall be developed and 
approved by the CSA, with the concurrence of DOE, 
as appropriate. Nothing in this NISPOMSUP shall 
be construed to contradict or inhibit compliance 
with the law or building codes. 

b. Access to Restricted Data shall be limited to 
persons who possess appropriate access 
authorization, or PCL, and who require such access 
(need-to-know) in the performance of official duties 
(i.e., have a verifiable need-to-know). For access to 
TOP SECRET Restricted Data, an individual must 
possess an active Q access authorization, or a final 
TOP SECRET PCL, based on a SSBI. For access to 
Critical SECRET Restricted Data, as defined in 
9-101.a through 9-101.i, an individual must possess 
an active Q access authorization, or final TOP 
SECRET or SECRET PCL, based on a SSBI. 
Controls shall be established to detect and deter 
unauthorized access to Restricted Data. 

Section 2. Secure Working Areas 



9-200. Secure Working Areas. 

a. General. When not placed in approved storage, 
Critical SRD and TSRD must be maintained in 
approved Secured Working Areas, and be constantly 
attended to by, or under the control of, a person or 
persons having the proper access authorization, or 
PCL, and a need-to-know, who are responsible for 
its protection. 

b. Requirements. Secure Working Area boundaries 
shall be defined by physical barriers (e.g., fences, 
walls, doors). Protective personnel or other measures 
shall be used to control authorized access through 
designated entry portals and to deter unauthorized 
access to the area. A personnel identification system 
(e.g., security badge) shall be used as a control 
measure when there are more than 30 persons per 
shift. Entrance/Exit inspections for prohibited articles 
and/or Government property may be conducted by 
protective personnel. When access to a Secure 
Working Area is authorized for a person without 
appropriate access authorization or need-to-know, 
measures shall be taken to prevent compromise of 
classified matter. Access to safeguards and security 
interests within a Secure Working Area, when not in 
approved storage, is controlled by the custodian(s) or 
authorized user(s). Means shall be used to detect 
unauthorized intrusion appropriate to the classified 
matter under protection. 

9-201. Barriers. 

Physical barriers shall be used to demarcate the 
boundaries of a Secure Working Area. Permanent 
barriers shall be used to enclose the area, except 
during construction or transient activities, when 
temporary barriers may be erected. Temporary 
barriers may be of any height and material that 
effectively impede access to the area. 

a. Walls. Building materials shall offer penetration 
resistance to, and evidence of, unauthorized entry 
into the area. Construction shall meet local building 
codes. Walls that constitute exterior barriers of 
Security Areas shall extend from the floor to the 
structural ceiling, unless equivalent means are 
used. 

1. When transparent glazing material is used, visual 
access to the classified material shall be prevented 
by the use of drapes, blinds, or other means. 

2. Insert-type panels (if used) shall be such that they 
cannot be removed from outside the area being 
protected without showing visual evidence of 
tampering. 

b. Ceilings and Floors. Ceilings and floors shall be 
constructed of building materials that offer 
penetration resistance to, and evidence of, 
unauthorized entry into the area. Construction shall 
meet local building codes. 

c. Doors. Doors and door jambs shall provide the 
necessary barrier delay rating required by the 
applicable procedure. As a minimum, requirements 
shall include the following: 

1. Doors with transparent glazing material may be 
used if visual access is not a security concern; 
however, they shall offer penetration resistance to, 
and evidence of, unauthorized entry into the area. 

2. A sight baffle shall be used if visual access is a 
factor. 

3. An astragal shall be used where doors used in 
pairs meet. 



4. Door louvers, baffle plates, or astragals, when 
used, shall be reinforced and immovable from 
outside the area being protected. 



d. Windows. The following requirements shall be 
applicable to windows: 

1. When primary reliance is placed on windows as 
physical barriers, they shall offer penetration 
resistance to, and evidence of, unauthorized entry 
into the area. 

2. Frames shall be securely anchored in the walls, 
and windows shall be locked from the inside or 
installed in fixed (nonoperable) frames so the panes 
are not removable from outside the area being 
protected. 

3. Visual barriers shall be used if visual access is a 
factor. 



e. Unattended Openings. 

1. Physical protection features shall be implemented 
at all locations where storm sewers, drainage swells, 
and site utilities intersect the fence perimeter. 

2. Unattended openings in security barriers, which 
meet the following criteria, must incorporate 
compensatory measures such as security bars: 
greater than 96 inches square (619.20 square 
centimeters) in area and greater than 6 inches 
(15.24 centimeters) in the smallest dimension; and 
located within 18 feet (5.48 meters) of the ground, 
roof, or ledge of a lower Security Area; or located 
14 feet (4.26 m) diagonally or directly opposite 
windows, fire escapes, roofs, or other openings in 
uncontrolled adjacent buildings; or located 6 feet 
(1.83 m) from uncontrolled openings in the same 
barrier. 

Section 3. Storage Requirements 



9-300. General. 

Custodians and authorized users of Critical SRD 
and TSRD are responsible for the protection and 
control of such matter. 

9-301. TSRD Storage. 

TOP SECRET Restricted Data that is not under the 
personal control of an authorized person shall be 
stored within a security repository located within a 
Secure Working Area with CSA approved 
supplementary protection consistent with Chapter 
5-307.a and 5-307.b of the NISPOM baseline. 
Authorized repositories are as follows: 

a. In a locked, General Services Administration- 
approved security container. 

b. In a vault or vault-type room. 

9-302. Critical SRD Storage. 

Critical SRD shall be stored in a manner authorized 
for Top Secret Restricted Data matter or in one of 
the following ways: 

a. In a locked General Services Administration- 
approved security container located within a Secure 
Working Area. 

b. In a General Services Administration-approved 
security container, not located within a Secure 
Working Area, under supplemental protection (i.e., 
intrusion detection system protection or protective 
patrol). 

c. In a steel filing cabinet, not meeting General 
Services Administration requirements, but approved 
for use prior to the date of this 
NISPOMSUP, which may continue to be used until 
there is a need for replacement. It shall be equipped 
with a minimum of either an Underwriter 
Laboratories Group 1, built-in, changeable 
combination lock or a lock that meets Federal 
Specification FF-P-110 "Padlock, Changeable 
Combination." Steel filing cabinets located within a 
Secure Working Area shall be under approved 
supplemental protection (i.e., intrusion detection 
system protection or protective patrol). If the steel 
filing cabinet is not located within a Secure 
Working Area, it shall be under intrusion detection 
system protection. 

Chapter 10 

International Security Requirements 
Section 1. International Security 



10-100. International Security. 

International security information that is required by 
a SAP or is SAP-related will conform to the 
NISPOM as directed by the PSO. 

International Security Considerations 

a. The National Disclosure Policy 
(NDP) governs all foreign disclosures 
of classified military information. All 
SAPs shall comply with the National 
Disclosure Policy. SAPs will include 
foreign disclosure and security 
planning at the beginning of the 
Prospective SAP process or at the 
earliest date that possible foreign 
disclosure is identified in an ongoing 
SAP. Security planning for foreign 
disclosure is an ongoing process 
that requires reviews at each 
milestone in the SAP lifecycle. When 
a SAP is identified for international 
cooperation or foreign disclosure, all 
foreign disclosure and policy 
guidance will be in accordance with 
the NDP-1, DoDD 5230.11, DoDD 
5530.3, enclosure 7, and the 
International Program Security 
Handbook, et al. 

b. The GPM/PSO will coordinate 
policy guidance for the development 
of a Technology Assessment/Control 
Plan (TA/CP), Memorandum of 
Agreement, and security 
documentation for all international 
programs (research/development, 
FMS, joint cooperation, and 
acquisition), with the Foreign 
Disclosure Office and the DoD 
Component SAP Central Office, as 
appropriate. 

Chapter 11 
Miscellaneous 

Section 1. TEMPEST 



11-100. TEMPEST Requirements. When 
compliance with TEMPEST standards is required for 
a contract, the GPM/PSO will issue specific guidance 
in accordance with current national directives that 
afford consideration to realistic, validated, local 
threats, cost effectiveness, and zoning. 

NOTE: Within DoD, TEMPEST is 
known as EMSEC. 



a. Each department or agency has 
appointed Certified TEMPEST 
Technical Authorities (CTTAs) who 
must conduct and validate all 
TEMPEST countermeasure reviews 
by the National Policy. 

b. The program security officer, with 
guidance from a CTTA, shall 
determine if a review is required and 
direct the completion of a TEMPEST 
Requirements Questionnaire. 

c. If a review is required, a CTTA will 
determine if the equipment, system, 
or facility has a TEMPEST 
requirement, and if so, will 
recommend the most cost effective 
countermeasure which will contain 
compromising emanations within the 
inspectable space. The inspectable 
space is defined as the three 
dimensional space surrounding 
equipment that 
processes National Security 
information (NSI) within which 
TEMPEST exploitation is not 
considered practical or where legal 
authority to identify and/or remove a 
potential TEMPEST exploitation 
exists. 



d. Only those TEMPEST 
countermeasures recommended by 
CTTA and authorized by the program 
manager or contracting authority 
should be implemented. The 
processing of Special Category NSI 
or the submission of information for 
a TEMPEST countermeasure review 
does not imply a requirement to 
implement TEMPEST 
countermeasures. TEMPEST 
countermeasures which may be 
recommended by CTTA include, but 
are not limited to: 

1. The use of shielded enclosures or 
architectural shielding; 

2. The use of equipment which have 
TEMPEST profiles or TEMPEST 
zones which match the inspectable 
space, distance, or zone respectively; 
and 

3. The use of RED/BLACK installation 
guidance as provided by reference 
(c). 

e. Telephone line filters, power 
filters, and non-conductive 
disconnects are not required for 
TEMPEST purposes unless 
recommended by a CTTA as part of a 
TEMPEST countermeasure 
requirement. Telephone line 
disconnects, not to be confused with 
telephone line filters, may be 
required for non-TEMPEST purposes. 

Section 2. Government Technical Libraries 



11-200. SAP information will not be sent to the 
National Defense Technical Information Center or 
the U.S. Department of Energy Office of Scientific 
and Technical Information. 

Section 3. Independent Research and Development 



11-300. General. The use of SAP information 
for a contractor Independent Research and 
Development (IR&D) effort will occur only with the 
specific written permission of the Contracting 
Officer. Procedures and requirements necessary for 
safeguarding SAP classified information when it is 
incorporated in a contractor's IR&D effort will be 
coordinated with the PSO. 

Only authorized Government 
Contracting Officers may approve 
contractors to conduct SAP 
independent research and 
development (IR&D). A letter defining 
the authority to conduct IR&D, a DD 
Form 254, and an appropriate 
NISPOMSUP selector and 
classification guide will be provided 
to each contractor. Contractors who 
are conducting, or who desire to 
conduct SAP IR&D under this 
section, but who have not obtained 
proper authority, must contact the 
appropriate contracting authority. 

11-301. Retention of SAP Classified 
Documents Generated Under IR&D 
Efforts. With the permission of the Contracting 
Officer, the contractor may be allowed to retain the 
classified material generated in connection with a 
classified IR&D effort. The classified documents 
may be required to be sanitized. If necessary, the 
Government agency will provide the contractor 
assistance in sanitizing the material to a collateral or 
unclassified level (i.e., by reviewing and approving 
the material for release). 

The Program Offices for determining 
sanitization and releasability of SAP 
IR&D documents are identified in the 
contracts letter and DD Form 254. 

11-302. Review of Classified IR&D 
Efforts. IR&D operations and documentation that 
contain SAP classified information will be subject to 
review in the same manner as other SAP classified 
information in the possession of the contractor. 

These reviews normally will be 
conducted at the same time as 
reviews of other SAPs at that activity. 

The Program Office/PSO will approve 
subcontracts before they are issued 
for IR&D efforts. 

Section 4. Operations Security 



11-400. Special Access Programs may require 
unique Operations Security (OPSEC) plans, surveys, 
and activities to be conducted as a method to identify, 
define, and provide countermeasures to 
vulnerabilities. These requirements may be made part 
of the contractual provisions. 

Provide an OPSEC orientation to 
newly assigned personnel. Cover the 
activity OPSEC program, designated 
essential elements of friendly 
information (EEFI), OPSEC lessons 
learned, and the OPSEC role. Include 
OPSEC in annual refresher training. 
Include common OPSEC 
vulnerabilities, significance of 
unclassified data, tactical deception, 
new lessons learned, and other 
OPSEC subjects that are deemed 
appropriate. 

Section 5. Counterintelligence (CI) Support 



11-500. Counterintelligence (CI) Support. 

Analysis of foreign intelligence threats and risks to 
Program information, material, personnel, and 
activities may be undertaken by the Government 
Agency. Resulting information that may have a 
bearing on the security of a SAP will be provided by 
the Government to the contractor when 
circumstances permit. Contractors may use CI 
support to enhance or assist security planning and 
safeguarding in pursuit of satisfying contractual 
obligations. Requests should be made to the PSO. 



11-501. Countermeasures. Security 
countermeasures may be required for SAPs to protect 
critical information, assets, and activities. When 
OPSEC countermeasures are necessary, they will be 
made a part of the contract provisions and cost 
implementation may be subject to negotiation. 
Countermeasures may be active or passive 
techniques, measures, systems, or procedures 
implemented to prevent or reduce the timely effective 
collection and/or analysis of information which 
would reveal intentions or capabilities (e.g., 
traditional security program measures, electronic 
countermeasures, signature modification, operational 
and/or procedural changes, direct attack against and 
neutralization of threat agents and/or platforms, etc.). 

When conditions warrant, the PSO 
may require a TSCM survey of a 
SAPF for approval or reaccreditation 
of a previously used facility. 

Section 6. Decompartmentation, Disposition, and 
Technology Transfer 



11-600. Every scientific paper, journal article, 
book, briefing, etc., pertaining to a SAP and 
prepared by personnel currently or previously 
briefed on the SAP that is proposed for publication 
or presentation outside of the SAP will be reviewed 
by the PSO and a Program-briefed Public Affairs 
Officer (PAO) if available. Any release will be by 
the GPM. Often SAP-unique "tools" such as models, 
software, technology, and facilities may be valuable 
to other SAPs. Some information, material, 
technology, or components may not be individually 
sensitive. If information or materials can be 
segregated and disassociated from the SAP aspects of 
the Program, decompartmentation and release of the 
information and/or materials may be approved to 
support U.S. Government activities. The information 
and materials proposed for release will remain 
within the Program Security Channels until 
authorized for release. 

11-601. Procedures. The following procedures 
apply to the partial or full decompartmentation, 
transfer (either to another SAP or collateral 
Program), and disposition of any classified 
information, data, material(s), and hardware or 
software developed under a SAP contract or 
subcontract (SCI information will be handled within 
SCI channels). 

a. Decompartmentation. Prior to 
decompartmenting any classified SAP information 
or other material(s) developed within the Program, 
the CPSO will obtain the written approval of the 
GPM. Decompartmentation initiatives at a Program 
activity will include completion of a 
Decompartmentation or Transfer Review Format. 
Include supporting documentation that will be 
submitted through the PSO to the GPM. Changes, 
conditions and stipulations directed by the GPM will 
be adhered to. Approval of Program 
decompartmentation and all subsequent transfers 
will be in writing. 



b. Technology Transfer. Technologies may be 
transferred through established and approved 
channels in cases where there would be a net benefit 
to the U.S. Government and Program information is 
not exposed or compromised. The Contracting 
Officer is the approval authority for technology 
transfers. 

Technology transfer as used in this 
section refers to transfer of 
information/material between U.S. 
Government Agencies. For transfer 
of technology information/ 
material/classified military 
information to a foreign government 
or international organization, see 
Chapter 10. 

1. Contractor Responsibilities. CPSOs will ensure 
that technologies proposed for transfer receive a 
thorough security review. The review will include a 
written certification that all classified items and 
unclassified Program-sensitive information have 
been redacted from the material in accordance with 
sanitization procedures authorized by the GPM. A 
description of the sanitization method used and 
identification of the official who accomplished the 
redaction will accompany the information or 
material(s) forwarded to the GPM for review and 
approval. 

2. Government Responsibilities. The contracting 
officer's representative (COR), PSO, and GPM will 
make every attempt to review requests expeditiously. 
Requests will be submitted at least thirty (30) 
working days prior to the requested release date. 
This is particularly important when requesting 
approval for Program-briefed personnel to make non- 
Program related presentations at conferences, 
symposia, etc. 

3. General. 



(a) Technology transfers of DoD SAP 
information/hardware will utilize the 
Technology Transfer Request (SAP 
Format 29) and the Technology 
Transfer Log (SAP Format 30). 

(b) Among US government agencies, 
technology transfer between DoD 
SAPs does not require the approval 
of a Contracting Officer. These 
technology transfers will be 
approved by the GPM and PSO from 
both the SAP that owns the 
information/hardware and the SAP 
that is receiving the information/ 
hardware. 

Section 7. Other Topics 



11-700. Close-out of a SAP. At the initiation 
of a contract close-out, termination or completion of 
the contract effort, the CPSO will consider actions 
for disposition of residual hardware, software, 
documentation, facilities, and personnel accesses. 
Security actions to close-out Program activities will 
prevent compromise of classified Program elements 
or other SAP security objectives. The contractor may 
be required to submit a termination plan to the 
Government. The master classified material 
accountability record (log or register) normally will 
be transferred to the PSO at Program close-out. 

11-701. Special Access Program Secure 
Communications Network. SAPs may use a 
SAP secure communications and/or data network 
linking the GPM and/or contractors with associated 
technical, operational, and logistic support activities 
for secure communications. 



11-702. Patents. Patents involving SAP 
information will be forwarded to the GPM/PSO for 
submission to the Patents Office. The PSO will 
coordinate with Government attorneys and the 
Patent Office for submission of the patent. 

11-703. Telephone Security. The PSO will 
determine the controls, active or inactive, to be 
placed on telecommunication lines. SAPFs 
accredited for discussion or electronic processing 
will comply with DCID 1/21 and Telephone Security 
Group (TSG) standards as determined by the PSO. 

Note: DCID 6/9 supersedes DCID 
1/21. 

11-704. Treaty Guidance. 



a. Background. DoD Directive 2060.1 
provides that the Arms Control 
implementation and compliance 
responsibilities for SAPs must be 
accomplished under the cognizance 
of the DoD SAP Oversight Committee 
(SAPOC) in a manner consistent with 
the SAP Policy DoD Directive 5205.7, 
and DoD Instruction 5205.11. DoD 
SAPs must be prepared to 
demonstrate compliance with treaties 
and agreements to which the United 
States Government (USG) is a 
signatory. DoD SAPs shall be 
protected against unnecessary or 
inadvertent exposure during USG 
participation in authorized 
verification activities, confidence- 
building measures, and overflights. 
The PSO/CPSO should be familiar 
with various arms control verification 
activities in order to exercise security 
oversight for SAPs. 

b. Inspection Readiness Plans. Each 
DoD Component sponsoring or 
acting as the executive agent for a 
SAP is responsible for providing 
arms control implementation 
guidance and direction to all SAPs 
under its cognizance. If required, 
inspection readiness plans should be 
site-specific and should include 
detailed managed access provisions. 
Risk assessment is a crucial part of 
the development of such plans, and 
should form the basis for plan 
content, level of detail, etc. 
Information to aid in the preparation 
of risk assessment and inspection 
readiness plans is included in 
Appendix I. 

c. On-Site Inspection Assistance. 
Each component is accountable for 
assisting the SAPs that it sponsors, 
unless relieved of that responsibility 
by the Secretary or Deputy Secretary 
of Defense. In most cases, a treaty- 
knowledgeable representative from 
the OSD and/or from a DoD 
Component-level SAP Central Office 
will be on-site to support DoD SAP 
facilities within the first 24 hours of 
USG notification of an impending 
inspection. In the event of an 
inspection that questions U.S. 
compliance with international 
agreements, such as a Chemical 
Weapons Convention Challenge 
Inspection, a member of the Special 
Security Countermeasures Policy 
Office, Office of the Deputy Under 
Secretary of Defense for Policy 
Support, will serve as a consensus 
member of the USG Host Team. This 
individual is the acknowledged DoD 
Security Policy representative 
responsible for negotiating 
inspection activities. The responsible 
SAP component representative will 
conduct liaison between the 
PSO/CPSO and the U.S. Host Team 
representative mentioned above. 

d. SAP Treaty Vulnerability. As part 
of a continuing OPSEC program, 
potential treaty vulnerabilities must 
be addressed as part of all SAP 
vulnerability assessments. Impacts 
must be considered prior to 
accreditation of a SAP facility. The 
PSO should contact the DoD 
Component-level SAP Central Office 
for guidance on obtaining the treaty 
portion of these assessments. 

e. The Defense Treaty Inspection 
Readiness Program (DTIRP). DTIRP 
is a security preparedness and 
outreach program providing security 
education and awareness training 
regarding arms control 
implementation operational activities. 
DTIRP provides advice, assistance, 
and information to DoD military and 
DoD contractor facilities. SAPs 
should not contact DTIRP directly, 
but should request assistance from 
their DoD SAP Central Office. 







Appendix A 
Definitions 



Access Approval Authority. The individual 
responsible for final access approval and/or denial 
determination. 

Access Evaluation. The process of 
reviewing the personnel security 
information of an individual prior to 
access to DoD SAPs. 

Access Roster. A database or listing of individuals 
briefed to a Special Access Program (SAP). 

Access Termination. The removal of an individual 
from access to SAP or other Program information. 

Accountability. Assigning of a document control 
number (including copy #) which is used to establish 
individual responsibility for the document and 
permits traceability and disposition of the document. 

Accrediting Authority. A Customer official who has 
the authority to decide on accepting the security 
safeguards prescribed or who is responsible for 
issuing an accreditation statement that records the 
decision to accept those safeguards. 

Acknowledged Special Access Program (SAP). A 
SAP whose existence is publicly acknowledged. 

A SAP that is acknowledged to exist 
and whose real overall purpose is 
identified. The specific details, 
technologies, materials, techniques, 
etc., of the program are classified as 
dictated by their vulnerability to 
exploitation and the risk of 
compromise. 

Acquisition Special Access Program (AQ-SAP). A 
special access program established primarily to 
protect sensitive research, development, testing, and 
evaluation (RDT&E) or procurement activities in 
support of sensitive military and intelligence 
requirements. 

Adjudication Authority. Entity which 
provides adjudication for eligibility or 
access to SAP information and 
facilities. 



Agent of the Government. A contractor employee 
designated in writing by the Government Contracting 
Officer who is authorized to act on behalf of the 
Government. 

AIS Media Control System. A system 
of procedures, approved by the PSO, 
which provide controls over use, 
possession, and movement of 
magnetic media in SAP facilities 
(SAPFs). The procedures must ensure 
all magnetic media (classified and 
unclassified) are adequately 
protected to avert the unauthorized 
use, duplication, or removal of the 
media. The media must be secured in 
limited access containers or labeled 
with the identity of the individual 
responsible for maintaining the 
material. 

Authentication. a. To establish the validity of a 
claimed identity. b. To provide protection against 
fraudulent transactions by establishing the validity of 
message, station, individual, or originator. 

Automated Information System (AIS). A generic 
term applied to all electronic computing systems. 
AISs are composed of computer hardware (i.e., 
automated data processing (ADP) equipment and 
associated devices that may include communication 
equipment), firmware, operating systems, and other 
applicable software. AISs collect, store, process, 
create, disseminate, communicate, or control data or 
information. 

Billets. A determination that in order to meet need- 
to-know criteria, certain SAPs may elect to limit 
access to a predetermined number of properly cleared 
employees. Security personnel do not count against 
the billet system. 

Boundary. The boundary of an AIS or network 
includes all users that are directly or indirectly 
connected and who can receive data from the system 
without a reliable human review by an appropriately 
cleared authority. 

Carve-in. A classified contract in 
which specific security oversight 
responsibilities have been delegated 
to the Defense Security Service (DSS) 
by the government activity 
authorized to administer the SAP. 

Carve-out. A classified contract in 
which specific security oversight 
responsibilities are retained by the 
government activity authorized to 
administer the SAP. 

Certification. A statement to an accrediting authority 
of the extent to which an AIS or network meets its 
security criteria. This statement is made as part of 
and in support of the accreditation process. 

Clearing (Media). The removal of information 
from the media to facilitate continued use and to 
prevent the AIS system from recovering previously 
stored data. However, the data may be recovered 
using laboratory techniques. Overwriting and 
degaussing are acceptable methods of clearing media. 

Code word. A single classified word assigned to 
represent a specific SAP or portions thereof. 

Collateral Information. Collateral information is 
National Security Information created in parallel with 
Special Access Information under the Provisions of 
E.O. 12356 (et al) but which is not subject to the 
added formal security protection required for Special 
Access Information (stricter access controls, need-to- 
know, compartmentation, stricter physical security 
standards, etc). 

Commensurate Protective Measures. 
Equivalent physical security 
protective measures applied when 
necessary to comply with regulations 
if they are similar to those cited in the 
Overprint. 

Compelling Need. A requirement for immediate 
access to special program information to prevent 
failure of the mission or operation or other cogent 
reasons. 

See Letter of Compelling Need. 

Control. A process which allows an 
organization to regulate material 
without providing full document 
accountability. 

Contractor/Command Program Security Officer 
(CPSO). An individual appointed by the contractor 
who performs the security duties and functions for 
Special Access Programs. 

Contractor/Command Program Manager (CPM). 
A contractor-designated individual who has overall 
responsibility for all aspects of a Program. 

Counterintelligence Awareness. A state of being 
aware of the sensitivity of classified information one 
possesses, collaterally aware of the many modes of 
operation of hostile intelligence persons and others 
whose interests are inimical to the United States 
while being able to recognize attempts to 
compromise one's information, and the actions one 
should take, when one suspects he has been 
approached, to impart the necessary facts to trained 
counterintelligence personnel. 

Customer. The Government organization that 
sponsors the processing. 

Data Integrity. a. The state that exists when 
computerized data is the same as that in the source 
documents and has not been exposed to accidental or 
malicious alteration or destruction. b. The property 
that data has not been exposed to accidental or 
malicious alteration or destruction. 

Debriefing. The process of informing a person his 
need-to-know for access is terminated. 

Declassification (Media). An administrative step 
that the owner of the media takes when the 
classification is lowered to UNCLASSIFIED. The 
media must be properly sanitized before it can be 
downgraded to UNCLASSIFIED. 

Degauss. a. To reduce the magnetization to zero by 
applying a reverse (coercive) magnetizing force, 
commonly referred to as demagnetizing, or b. To 
reduce the correlation between previous and present 
data to a point that there is no known technique for 
recovery of the previous data. 

Degausser. An electrical device or hand-held 
permanent magnet assembly that generates a coercive 
magnetic force for degaussing magnetic storage 
media or other magnetic material. 

Degaussing (Demagnetizing). Procedure using an 
approved device to reduce the magnetization of a 
magnetic storage media to zero by applying a reverse 
(coercive) magnetizing force rendering any 
previously stored data unreadable and unintelligible. 

Digraph and/or Trigraph. A two and/or three-letter 
acronym for the assigned code word or nickname. 

Disclosure Record. A record of names and dates of 
initial access to any Program information. 

e.g. For example (exempli gratia). 

Eligibility. A determination that a person meets 
personnel security standards for access to Program 
material. 

EPROM. A field-programmable read-only memory 
that can have the data content of each memory cell 
altered more than once. An EPROM is bulk-erased 
by exposure to a high-intensity ultraviolet light. 
Sometimes referred to as a reprogrammable read- 
only memory. 

EEPROM. Abbreviation for electrically erasable 
programmable read-only memory. These devices are 
fabricated in much the same way as EPROMs and, 
therefore, benefit from the industry's accumulated 
quality and reliability experience. As the name 
implies, erasure is accomplished by introducing 
electrical signals in the form of pulses to the device, 
rather than by exposing the device to ultraviolet light. 
Similar products using a nitride NMOS process are 
termed EAROMS (for electrically alterable read-only 
memory). 

EMSEC. A classified set of standards 
for limiting electric or 
electromagnetic radiation 
emanations from electronic 
equipment. Microchips, monitors, 
printers, and all electronic devices 
emit radiation through the air or 
through conductors (such as wiring 
or water pipes). For DoD purposes, 
EMSEC means TEMPEST. 

Exception (SAP Access). An 
adjudicative decision to grant or 
continue SAP access to an individual 
when information indicates that full 
compliance with personal 
adjudicative or investigative 
standards is not attainable. 

Exception (SAP Facility). An 
adjudicative decision to certify or 
accredit a SAP facility when 
conditions fail to fully comply with 
the security standards of DoD 
5220.22-M (as supplemented) and/or 
DCID 6/9. An exception may be 
issued for a period not to exceed one 
year. 

Government Program Manager (GPM). The 
senior Government Program official who has 
ultimate responsibility for all aspects of the Program. 

Handle Via Special Access Control 
Channels Only (HVSACO). 
HVSACO is an OPSEC protective 
measure used within SAP control 
channels. It is used to identify 
classified or unclassified information 
that requires handling in special 
access channels due to its sensitivity 
when associated with a SAP. When 
HVSACO is used, the material will be 
protected in accordance with the 
security requirements of the 
individual SAP or the highest 
standard where more than one SAP 
is included. 

i.e. That is (id est). 

Inadvertent Disclosure. A set of circumstances or a 
security incident in which a person has had 
involuntary access to classified information to which 
the individual was or is not normally authorized. 

Indoctrination. An initial indoctrination and/or 
instruction provided each individual approved to a 
SAP prior to his exposure concerning the unique 
nature of Program information and the policies, 
procedures, and practices for its handling. 

Information Systems Security Representative 
(ISSR). The Provider-assigned individual responsible 
for the on-site security of the AIS(s) processing 
information for the Customer. 

Intelligence SAP (INT-SAP). A SAP 
established primarily to protect the 
planning and execution of especially 
sensitive intelligence or 
counterintelligence operations or 
collection activities. 

Joint Use Agreement. A written agreement signed 
by two or more accrediting authorities whose 
responsibility includes information processed on a 
common AIS or network. Such an agreement defines 
a cognizant security authority and the security 
arrangements that will govern the operation of the 
network. 

Letter of Compelling Need (LOCN). A 
letter, signed by the Security Officer 
and Program Manager, used to justify 
or offset the risk related to accessing 
an individual who does not fully meet 
access criteria. The LOCN describes 
the benefit to the specific SAP by 
describing the candidate’s unique 
talent, particular expertise, or 
critically-needed skill. 

Memorandum of Agreement (MOA). An 
agreement, the terms of which are delineated and 
attested to by the signatories thereto. MOA and MOU 
(Memorandum of Understanding) are used 
interchangeably. 

Need-to-know. A determination made 
by an authorized holder of classified 
information that a prospective 
recipient requires access in order to 
perform or assist in a lawful and 
authorized governmental function. 

Network. A computing environment with more than 
one independent processor interconnected to permit 
communications and sharing of resources. 

Nicknames. A combination of two separate 
unclassified words assigned to represent a specific 
SAP or portion thereof. 

Nonvolatile Memory Components. Memory 
components that do retain data when all power 
sources are disconnected. 

Object Reuse. The reassignment to some subject of a 
medium (e.g., page frame, disk sector, magnetic tape) 
that contained one or more objects. To be securely 
reassigned, such media will contain no residual data 
from the previously contained object(s). 

Office Information System (OIS). An OIS is a 
special purpose AIS oriented to word processing, 
electronic mail, and other similar office functions. An 
OIS is normally comprised of one or more central 
processing units, control units, storage devices, user 
terminals, and interfaces to connect these 
components. 

Operations and Support SAP (O&S- 
SAP). A SAP established primarily to 
protect the planning for, execution of, 
and support to especially sensitive 
military operations. An Operations 
and Support SAP may protect 
organizations, property, operational 
concepts, plans, or activities. 

Operations Security (OPSEC). The 
process of denying adversaries 
information about friendly 
capabilities and intentions by 
identifying, controlling, and 
protecting indicators associated with 
planning and conducting military 
operations and other activities. 

Other Identifiers, i.e., SAR and SAP. 

Overwrite (Re-recording) Verification. An 
approved procedure to review, display, or check the 
success of an overwrite procedure, or b. The 
successful testing and documentation through 
hardware and random hard-copy readout of the actual 
overwritten memory sectors. 

Perimeter. The perimeter of an AIS or network is the 
extent of the system that is to be accredited as a 
single system. 

Peripheral Devices. Any device attached to the 
network that can store, print, display, or enhance data 
(e.g., disk and/or tape, printer and/or plotter, an 
optical scanner, a video camera, a punched-card 
reader, a monitor, or card punch). 

Personal Computer System (PC). A PC is a system 
based on a microprocessor and comprised of internal 
memory (ROMs and RAMs), input and/or output, 
and associated circuitry. It typically includes one or 
more read/write device(s) for removable magnetic 
storage media (e.g., floppy diskettes, tape cassettes, 
hard disk cartridges), a keyboard, CRT or plasma 
display, and a printer. It is easily transported and is 
primarily used on desk tops for word processing, 
database management, or engineering analysis 
applications. 

Program Access Request (PAR). A formal request 
used to nominate an individual for Program access. 

Program Channels or Program Security 
Channels. A method or means expressly authorized 
for the handling or transmission of classified or 
unclassified SAP information whereby the 
information is provided to indoctrinated persons. 

Program Executive Agent. The highest ranking 
military or civilian individual charged with direct 
responsibility for the Program and usually appoints 
the Government Program Manager. 

Program Material. Program material and 
information describing the service(s) provided, the 
capabilities developed, or the item(s) produced under 
the SAP. 

Program Security Officer (PSO). The Government 
official who administers the security policies for the 
SAP. 

Program Sensitive Information. Unclassified 
information that is associated with the 
Program. Material or information that, while not 
directly describing the Program or aspects of the 
Program, could indirectly disclose the actual nature 
of the Program to a non-Program-briefed individual. 

Prospective SAP (PSAP). A DoD 
program or activity for which 
enhanced security measures have 
been proposed and approved to 
facilitate security protections prior to 
establishing the effort as a DoD SAP. 

Provider. The Contractor or Government-support 
organization (or both) that provides the process on 
behalf of the Customer. 

Reciprocity (Access). Except where 
there is substantial information 
indicating that an employee may not 
satisfy the standards in DCID 6/4, 
employees with access to an existing 
SAP shall not be denied eligibility for 
access to another SAP at the same 
clearance and sensitivity level, 
provided clearance and access 
determination have been granted 
without exception, as determined 
personally by the agency head or 
deputy agency head, or have an 
existing access eligibility 
readjudicated, so long as the 
employee has a need for the 
information involved. 

Reciprocity (Facility Accreditation). In 
SAP Facilities that are co-utilized by 
more than one U.S. Government 
component, or multiple SAPs of the 
same Government component, the 
parties sharing the facility shall 
recognize the facility’s original 
accreditation as acceptable when the 
provisions of DCID 6/9 are met. 

Sanitizing. The removal of information from the 
media or equipment such that data recovery using 
any known technique or analysis is prevented. 
Sanitizing shall include the removal of data from the 
media, as well as the removal of all classified labels, 
markings, and activity logs. Properly sanitized media 
may be subsequently declassified upon observing the 
organization's respective verification and review 
procedures. 

SAP Central Office. Office within DoD 
or military department responsible 
for establishment and application of 
regulations, oversight, and security 
policy for Special Access Programs. 

SAP Facility (SAPF). A specific physical space 
that has been formally accredited in writing by the 
cognizant PSO which satisfies the criteria for 
generating, safeguarding, handling, discussing, and 
storing CLASSIFIED and/or UNCLASSIFIED 
Program information, hardware, and materials. 

SAP Project (DoD). Any effort under a 
SAP is categorized as a project, 
provided it is not protected under 
either a separate or supplemental 
Security Classification Guide (SCG). 
Numbers must be used to designate 
any project. 

SAP Subcompartment (DoD). Any 
effort under a SAP is categorized as a 
subcompartment if it is protected 
under either a separate or 
supplemental SCG. As a minimum, a 
two-word nickname must be used to 
designate each subcompartment. In 
addition, a classified one-word code 
word designator may also be 
assigned to a subcompartment. 

Secure Working Area. An accredited facility or area 
that is used for handling, discussing and/or 
processing, but not storage of SAP information. 

Security Director. Senior individual 
that is responsible for the overall 
security management of SAP within 
that activity. 

Security Level. A clearance or classification and a 
set of designators of special access approvals; i.e., a 
clearance and a set of designators of special access 
approval or a classification and a set of such 
designators, the former applying to a user, the latter 
applying, for example, to a computer object. 

Security Officer. When used alone, 
includes both Contractor Program 
Security Officers and activity security 
officers at government facilities. 

Security Policy. The set of laws, rules, and practices 
that regulate how an organization manages, protects, 
and distributes sensitive information. A complete 
security policy will necessarily address many 
concerns beyond the scope of computers and 
communications. 

Security Profile. The approved aggregate of 
hardware/software and administrative controls used 
to protect the system. 

Security Testing. A process used to determine that 
the security features of a system are implemented as 
designed and that they are adequate for a proposed 
application environment. This process includes 
hands-on functional testing, penetration testing, and 
verification. See also: Functional Testing, Penetration 
Testing, Verification. 

Security Violation. 1) Any knowing, 
willful, or negligent action that could 
reasonably be expected to result in 
an unauthorized disclosure of 
classified information; 2) any 
knowing, willful, or negligent action 
to classify or continue the 
classification of information contrary 
to the requirements of E.O. 12958 or 
its implementing directives; or 3) any 
knowing, willful, or negligent action 
to create or continue a SAP contrary 
to the requirements of E.O. 12958. 

Sensitive Activities. Sensitive activities are special 
access or Code word programs, critical research and 
development efforts, operations or intelligence 
activities, special plans, special activities, or sensitive 
support to the customer or customer contractors or 
clients. 

Sensitive Compartmented Information (SCI). SCI
is classified information concerning or
derived from intelligence sources and methods or 
analytical processes that is required to be handled 
within a formal control system established by 
Director of Central Intelligence. 

Sensitive Compartmented Information Facility 
(SCIF). SCIF is an area, room(s), building 
installation that is accredited to store, use, discuss, or 
electronically process Sensitive Compartmented 
Information (SCI). The standards and procedures for 
a SCIF are stated in DCIDs 1/19 and 1/21. 

Sensitivity Label. A collection of information that 
represents the security level of an object and that 
describes the sensitivity of the data in the object. A 
sensitivity label consists of a sensitivity level 
(classification and compartments) and other required 
security markings (e.g., code words, handling
caveats) to be used for labeling data. 

Sensitivity Levels. The two sensitivity 
levels of DoD SAP accesses are 
baseline and enhanced. SCI 
constitutes its own sensitivity level 
under policies and procedures
established by the DCI. 

Special Access Program (SAP) (DoD). 
Any DoD program or activity (as 
authorized in E.O. 12958) employing
enhanced security measures (e.g.,
safeguarding, access requirements,
etc.) exceeding those normally
required for collateral information at 
the same level of classification. Such 
programs or activities shall be 
established, approved, and managed 
as a “DoD SAP,” including those that 
are 

- Managed under special 
delegation authorities 
previously approved by the 
Secretary of Defense or the 
Deputy Secretary of Defense. 

- Sponsored by other 
Departments or Agencies, 
where participants manage 
internal DoD security controls 
(e.g., DoD-managed 
compartments or 
subcompartments of larger 
non-DoD SAPs). 

- Approved before the issuance 
of E.O. 12958.

- Conducted either to support 
or in cooperation with, other 
Departments, Agencies, 
Branches of Government, or 
governments. 

- Military intelligence and 
operations, signals 
intelligence, or specialized 
cryptographic-protection 
measures beyond the scope 
of normal security
protections.

Special Program Document Control Center. The
component's activity assigned responsibility by the
ISSR for the management, control, and accounting of
all documents and magnetic media received or 
generated as a result of the special program activity. 

NOTE: the ISSR is responsible for 
magnetic media. The CPSO is 
responsible for overall document 
media. 

Stand-Alone AIS. A stand-alone AIS may include 
desktop, laptop, and notebook personal computers, 
and any other hand-held electronic device containing 
classified information. Stand-alone AISs by 
definition are not connected to any LAN or other type 
of network. 

System. An assembly of computer and/or 
communications hardware, software, and firmware 
configured for the purpose of classifying, sorting, 
calculating, computing, summarizing, transmitting 
and receiving, storing, and retrieving data with a 
minimum of human intervention. 

TEMPEST. See EMSEC. 

Temporary Help/Job Shopper. An 
individual employed by a cleared 
company whose services are 
retained by another cleared company 
or Government activity performing on 
SAP contracts and providing 
required services (e.g. computer, 
engineering, administrative support 
etc.) under a classified contractual 
agreement. This individual will have 
access to SAP material only at 
locations designated by the utilizing 
activity. 

Trigraph. (See Digraph and/or Trigraph.) 

Trojan Horse. A computer program with an 
apparently or actually useful function that contains 
additional (hidden) functions that surreptitiously 
exploit the legitimate authorizations of the invoking 
process to the detriment of security (for example, 
making a "blind copy" of a sensitive file for the 
creator of the Trojan horse). 

Trusted Computer System. A system that employs
sufficient hardware and software integrity measures 
to allow its use for processing simultaneously a range 
of sensitive or classified information. 

Trusted Path. A mechanism by which a person at a 
terminal can communicate directly with the trusted 
computing base. This mechanism can only be 
activated by the person or the trusted computing base 
and cannot be imitated by untrusted software.

Two-Person Integrity. A provision that prohibits 
one person from working alone. 

Umbrella SAP. A term that describes 
a DoD SAP that contains 
compartments, subcompartments, or 
projects beneath the over-arching 
effort. 

Unacknowledged Special Access Program. A SAP
having protective controls that ensure the existence of
the program is not acknowledged, affirmed, or made 
known to any person not authorized for such 
information. The specific details, technologies, 
materials, techniques, etc., of the program are 
classified as dictated by their vulnerability to 
exploitation and the risk of compromise and are 
handled in an unacknowledged manner. 

Unacknowledged Program. A SAP 
whose nickname and/or code word 
designators are acknowledged to 
represent a SAP effort, but whose 
true purpose and/or content is not 
acknowledged, affirmed, or made 
known to any person not authorized 
for such information. For purposes of 
operational security at the 
unclassified level, a cover story 
describing plausible, but fictitious 
objectives and content for such a 
program may be employed. 

Users. Any person who interacts directly with an AIS 
or a network system. This includes both those 
persons who are authorized to interact with the 
system and those people who interact without 
authorization (e.g., active or passive wiretappers). 

Vendor. The manufacturer or sellers of the AIS
equipment and/or software used on the special
program.

Virus. Malicious software. A form of Trojan horse 
that reproduces itself in other executable code. 

Volatile Memory Components. Memory 
components that do not retain data after removal of 
all electrical power sources and when reinserted into 
a similarly configured AIS do not contain residual 
data. 

Waived SAP. An unacknowledged 
DoD SAP for which the Secretary of 
Defense has waived applicable 
reporting requirements under 
Subsection 119(e) of 10 U.S.C. (and 
therefore, has more restrictive 
reporting and access controls). 

Waiver (SAP Facility). An adjudicative 
decision to certify or accredit a SAP 
facility when conditions fail to fully 
comply with the security standards of 
DoD 5220.22-M (as supplemented) 
and/or DCID 6/9. A waiver may be 
issued for a period not to exceed five 
years; however, the approving official 
must reassess the existing 
shortcoming(s) on an annual basis to 
revalidate the need for continuing a 
waiver. 

Working Paper(s). A draft classified 
document, portion of a classified 
document and material accumulated 
or created while preparing a finished 
document. 

Workstation. A high-performance, microprocessor-based
platform that uses specialized software
applicable to the work environment. 

Appendix B
AIS Acronyms 



Many computer security-related acronyms are used in this Supplement. These acronyms, after first being defined, 
are used throughout this document to reduce its length. The acronyms used in this document are defined below: 



AIS       Automated Information System
AISSP     AIS Security Plan
CM        Configuration Management
CCB       Configuration Control Board
CPU       Central Processing Unit
CRT       Cathode Ray Tube (Monitor Screen Tube)
CSA       Cognizant Security Agency (Customer)
DAC       Discretionary Access Control
DCID      Director of Central Intelligence Directive
DoD       Department of Defense
E.O.      Executive Order
EPROM     Erasable Programmable Read-Only Memory
EAPROM    Electrically Alterable Programmable Read-Only Memory
EEPROM    Electrically Erasable Programmable Read-Only Memory
I/O       Input and/or Output
ISSR      Information System Security Representative
K         Thousand (kilo)
LAN       Local Area Network
LOGON     Log On
MAC       Mandatory Access Control
MODEM     Modulator and/or Demodulator
NCSC      National Computer Security Center
NSA       National Security Agency
OMB       Office of Management and Budget
PC        Personal Computer (i.e., desktop, laptop, notebook, or hand-held computer)
PL        Public Law
PROM      Programmable Read-Only Memory
RAM       Radar Absorbing Materials
RAM       Random Access Memory
RAS       Radar Absorbing Structures
ROM       Read Only Memory
SAN       Separately Accredited Network
SAP       Special Access Program
SAPF      Special Access Program Facility
SCI       Sensitive Compartmented Information
SD        Security Director
STD       Standard
TA/CP     Technical Assessment/Control Plan
TS        Top Secret
USER ID   User Identification

Appendix C
AISSP Outline 



This outline provides the basis for preparing an AIS Security Plan (AISSP). The annotated outline, with prompts and 
instructions, will assist ISSRs in preparing a plan that includes necessary overviews, descriptions, listings, and 
procedures. It will also assist in covering the requirements contained in this NISPOM Supplement. In preparing the 
AISSP, any information that does not appropriately fit under a subtitle may be placed under a main title. For 
example, a hardware list or references to a hardware list will be placed under the 4.0 AIS HARDWARE heading. 
For changes to an existing plan that do not require revision of the entire plan, provide name and date of the plan to 
be modified, date of changes on each page, and cross reference to the plan's applicable paragraph numbers. (For 
changes, only the change pages with the applicable plan name and date need to be sent to the CSA.) 

1.0 INTRODUCTION



This section will describe the purpose and scope of the AISSP. It may include any topic intended to help the reader 
understand and appreciate the purpose of the AISSP. Pertinent background information may also be presented to 
provide clarity. 



1.1 Security Administration. 

Provide the name and date of this plan and indicate whether it is an original or revised plan. 

Specify the cognizant Customer Program Office whose activity the AIS will support and the contract number(s), if 
applicable. 

Specify the Provider's name and address. Identify the location of the AIS equipment (including the building and
room number(s)).

Provide the names of the Provider's program manager, ISSR, and alternate(s). Also provide their secure and unsecure
telephone numbers and their normal office hours.

Provide an organizational structure showing the name and title of all security management levels above the ISSR. 
Provide joint-use information if applicable. 



1.2 Purpose and Scope. 

The plan will describe how the Provider will manage the security of the system. Describe the purpose and scope of 
this AIS. 



2.0 SAPF DESCRIPTION. 

This section will provide a physical overview of the AIS SAPF (including its surroundings) that is used to secure the 
Customer's program activities. It will include information about the secure environment required to protect the AIS 
equipment, software, media, and output. 



2.1 Physical Environment. 

State whether the SAPF is accredited or approved to process and store classified information, who accredited or
approved it, the security level, and when approved. State whether the SAPF is approved for open or closed storage. 

Specify whether the storage approval is for hard disk drives, diskettes, tapes, printouts, or other items. 

State whether the approval includes unattended processing. 



2.2 Floor Layout. 

Provide a floor plan showing the location of AIS equipment and any protected wire lines. (This may be included in a 
referenced appendix.) The building and room number(s) will match the information provided in the hardware listing
(see 4.0). 



2.3 SAPF Access. 

Describe procedures for controlling access to the AIS(s) to include: after hours access, personnel access controls, 
and procedures for providing access to uncleared visitors (e.g., admitting, sanitizing area, escorting). 



2.4 TEMPEST. 

If applicable, describe TEMPEST countermeasures. 



3.0 AIS DESCRIPTION 

This section will provide a detailed description of the system and describe its security features and assurances. 
Describe variances and exceptions. 



3.1 General Information 

Provide a system overview and description. 

Specify clearance level, formal access (if appropriate), and need-to-know requirements that are being supported. 

Identify the data to be processed including classification levels, compartments, and special handling restrictions that 
are relevant. 

State the mode of operations. 

Indicate the AIS's usage (in percent) that will be dedicated to the Customer's activity (e.g., periods processing).



3.2 Configuration and Connectivity. 

Specify whether the AIS is to operate as a stand-alone system, as a terminal connected to a mainframe, or as a 
network. 

Describe how the AIS or network is configured. If a network, specify whether it is a unified network or 
interconnected network. Describe the security support structure and identify any specialized security components 
and their role. 

Identify and describe procedures for any connectivity to the AIS(s). Indicate whether the connections are to be 
classified or unclassified systems. 

Provide a simplified block diagram that shows the logical connectivity of the major components (this may be shown
on the floor layout if necessary; see 2.2). For AISs operating in the compartmented or multilevel modes, an
information flow diagram will be provided.

If applicable, discuss the separations of classified and unclassified AISs within the SAPF. 

Indicate whether the AIS is configured with removable or nonremovable hard disk drives. 

Describe the configuration management program. Describe the procedures to ensure changes to the AIS require 
prior coordination with the ISSR. 



3.3 User Access and Operation. 

Describe the AIS operation start-up and shut-down (mode termination). Provide any unique equipment clearing 
procedures. 

Discuss all AIS user access control (e.g., log-on ID, passwords, file protection, etc.). 

Identify the number of system users and the criteria used to determine privileged access. 

If the mode is other than dedicated, discuss those mechanisms that implement DAC and MAC controls. 

Discuss procedures for the assignment and distribution of passwords, their frequency of change, and the granting of 
access to information and/or files. 

Indicate whether AIS operation is required 24 hours per day. 

Discuss procedures for after hours processing. State whether the AIS(s) are approved for unattended processing. 
Discuss procedures for marking and controlling AIS printouts. 

Discuss remote access and operations requiring specific approval by the CSA.



Discuss procedures for incident reporting. 



3.4 Audit Trails. 

If applicable, discuss the audit trails used to monitor user access and operation of the AIS and the information that is 
recorded in the audit trail. State whether user access audit trails are manual or automatic. 

Identify the individual who will review audit trails and how often. 

Describe procedures for handling discrepancies found during audit trail reviews.



4.0 AIS HARDWARE 

This section will describe the AIS hardware that supports the Customer's program. This section will provide a listing 
of the AIS hardware and procedures for its secure control, operation, and maintenance. 

Provide a complete listing of the major hardware used to support the Customer's program activities. This list may be 
in tabular form located either in this section or a referenced appendix. The following information is required for all 
major AIS hardware: nomenclature, model, location (i.e., building/room number), and manufacturer. 

Provide a description of any custom-built AIS hardware. 

Indicate whether the AIS hardware has volatile or nonvolatile memory components. Specifically, identify 
components that are nonvolatile. 

If authorized, describe procedures for using portable devices for unclassified processing. 

Identify the custodian(s) for AISs.



4.1 Labeling Hardware. 

Describe how the AIS hardware will be labeled to identify its classification level (e.g., classified and unclassified 
AISs collocated in the same secure area). 



4.2 Maintenance Procedures. 

Describe the maintenance and sanitization procedures to be used for maintenance or repair of defective AIS 
hardware by inappropriately cleared personnel. 







4.3 Hardware Sanitization and Destruction. 



Describe the procedures or methods used to sanitize and/or destroy AIS hardware (volatile or nonvolatile
components). 



4.4 Hardware Movement. 

Describe the procedures or receipting methods used to release and transport the AIS hardware from the SAPF. 

Describe the procedures or receipting methods for temporarily or permanently relocating the AIS hardware within 
the SAPF. 

Describe the procedures for introducing hardware into the SAPF. 



4.5 Hardware Control and Audit Trails. 

Describe all AIS hardware maintenance logs, the information recorded on them, who is responsible for reviewing 
them, and how often. 



5.0 AIS SOFTWARE 

This section will provide a listing of all the software that supports the Customer's program. It will also provide 
procedures for protecting and using this software. 



5.1 Authorized Software. 

Provide a complete listing of all software used to support the Customer's program activities. This list may be in 
tabular form and may be located either in the section or in a referenced appendix. The listing will also include 
security software (e.g., audit software, anti-virus software), special-purpose software (e.g., in-house, custom,
commercial utilities), and operating system software. The following information is required for AIS software: 
software name, version, manufacturer, and intended use or function. 



5.2 Software Procedures. 

Indicate whether a separate unclassified version of the operating system software will be used for maintenance. 

Describe the procedures for procuring and introducing new AIS software to support program activities.

Describe the procedures for evaluating AIS software for security impacts. 

Describe procedures for protecting software from computer viruses and malicious code and for reporting incidents. 



6.0 DATA STORAGE MEDIA 

This section provides a description of the types of data storage media to be used in the Customer's program and their 
control. 



6.1 Labeling and Storing Media. 

Describe how the data storage media will be labeled (identify the classification level and contents). 

Discuss how classified and unclassified data storage media is handled and secured in the SAPF (e.g., safes, vaults, 
locked desk). 



6.2 Media Clearing, Sanitization, and Destruction. 

Describe the procedures or methods used to clear, sanitize, and destroy the data storage media. 



6.3 Media Movement. 

Describe the procedures (or receipting methods) for moving data storage media into and out of the SAPF. 
Describe the procedures for copying, reviewing, and releasing information on data storage media. 



6.4 Media Control. 

Describe the method of controlling data storage media. 



7.0 AIS SECURITY AWARENESS PROGRAM 



Discuss the Provider's security awareness program. 

Indicate that the AIS users are required to sign a statement acknowledging that they have been briefed on the AIS
security requirements and their responsibilities. 

8.0 GLOSSARY OF TERMS 

Define the terms used. 

Appendix D

AIS Certification and Accreditation 



A. CERTIFICATION 

The ISSR, working jointly with the Customer, is responsible for coordinating and supporting the certification 
process. The ISSR is responsible for certifying, or coordinating the certification of, the AIS or network. 

Certification, which is a prerequisite for accreditation, is accomplished as follows: 

1. Identify operational requirements, define the Mode of Operation, and identify applicable security requirements, in 
accordance with this document and applicable documents referenced herein. 

2. Conduct a Risk Management Review to identify risks and needed countermeasures and specify additional security 
requirements (countermeasures) based on the review. 

3. Prepare an AISSP. Refine the plan throughout the certification process. 

4. Conduct a test and inspection to establish the extent to which the AIS performs the security functions needed to 
support the mode of operation and security policy for the system as outlined in the AISSP. The Customer will 
require a written certification report. 

5. Operating in the compartmented or multilevel mode requires the development of an AIS Technical Evaluation
Plan. After Customer concurrence, accomplish testing as described herein. AIS security testing provides assurance 
to the Customer that the subject AIS(s) or network(s) meets the security requirements for operating in the 
compartmented or multilevel mode. Such testing is a prerequisite for Customer accreditation. 



a. Coordination Scheduling and Testing. The security test may be jointly conducted by the Provider and the 
Customer. 



b. Testing Prerequisite. The Provider-developed AIS Technical Evaluation Test Plan will be coordinated and/or
approved by the customer. 

B. ACCREDITATION 

Accreditation is the Customer's authorization and approval for an AIS or network to process sensitive data in an 
operational environment. The Customer bases the accreditation on the results of the certification process. Following 
certification, the Customer reviews the risk assessment, employed safeguards, vulnerabilities, and statement of level 
of risk and makes the accreditation decision to accept risk and grant approval to operate; grant interim approval to 
operate (IATO) and fix deficiencies; or to shut down, fix deficiencies, and recertify.

Criteria in Specific Environments [Yellow Book]

Technical Rationale Behind CSC-STD-003-85: Computer Security 
Requirements [Yellow Book] 

DoD Magnetic Remanence Security Guideline

[NSA] Information Systems Security Products and Services Catalogue

Degaussing Level Performance Test Procedures Spec. L14-4-A55 



5. Director of Central Intelligence Directives

DCID 1/7      Security Controls on the Dissemination of Intelligence Information
              [FOR OFFICIAL USE ONLY]

DCID 6/3      Security Policy for Uniform Protection of Intelligence Processed in
              Automated Information Systems and Networks [SECRET]

DCID 6/4      Minimum Personnel Security Standards and Procedures Governing Eligibility
              for Access to Sensitive Compartmented Information [UNCLASSIFIED]

DCID 1/19     DCI Security Policy Manual for SCI Control Systems [UNCLASSIFIED]

DCID 1/20     Security Policy Concerning Travel and Assignment of Personnel With
              Access to Sensitive Compartmented Information (SCI) [UNCLASSIFIED]

DCID 1/21     Manual for Physical Security Standards for Sensitive Compartmented
              Information Facilities (SCIFs) [FOR OFFICIAL USE ONLY]
              Note: DCID 6/9 supersedes DCID 1/21.

DCID 1/22     Technical Surveillance Countermeasures [CONFIDENTIAL]

DCID 3/14-1   Information Handling Committee [UNCLASSIFIED]

DCID 3/14-5   Annex B, Intelligence Community Standards for Security Labeling of
              Removable ADP Storage Media [UNCLASSIFIED]



6. Legislation, Directive, and Standards 

Atomic Energy Act of 1954, as amended 

National Security Act of 1947

National Security Decision Directive 298, "Operations Security"

Telephone Security Group standards



7. Additional Publications Relevant to Special Access Programs 

Section 119, Title 10, United States Code (U.S.C.)

EO 12958                   Classified National Security Information

EO 12968                   Access to Classified Information

DoD Directive 5205.7       Special Access Program (SAP) Policy

DoD Instruction 5205.11    Management, Administration, and Oversight of DoD
                           Special Access Programs (SAPs)

DoD Instruction 5200.1-R   Information Security Program

DoD Instruction 5200.2-R   DoD Personnel Security Program

DoD Instruction O-8530.2   Support to Computer Network Defense (CND)

APPENDIX F

SPECIAL ACCESS PROGRAM FORMATS
Section 1 - General



Users obtain all blank SAP formats from the servicing PSO. Users are responsible 
for all costs relating to the format’s preparation program, to include the 
procurement and maintenance of necessary hardware and software. 

APP column reflects applicability: 

AF = Air Force only 



Section 2 - SAP FORMAT EXHIBIT 



NUMBER           TITLE                                                                   DATE       APP

SAP Format 1     Program Access Request (DD Form 2835)                                   Dec 00
SAP Format 1a    Program Access Request                                                  1 Jul 98   AF
SAP Format 2     Special Access Program Indoctrination Agreement (DD Form 2836)          Dec 00
SAP Format 2a    Special Access Program Indoctrination Agreement (Polygraph Supplement)  1 Jan 98
SAP Format 3     Request for Facility Clearance Action                                   1 Jan 98   AF
SAP Format 4     SENIOR STAR Airlift Request                                             1 Jan 98   AF
SAP Format 5     Inadvertent Disclosure Statement                                        1 Jan 98
SAP Format 6     Notification of Foreign Travel                                          1 Jan 98
SAP Format 7     Visit Notification (Authorization) Request                              1 Jan 98
SAP Format 7L    Technical Visit Request                                                 1 Jan 98
SAP Format 8     TSCM Request                                                            1 Jan 98
SAP Format 9     Request for Files Check                                                 1 Jan 98   AF
SAP Format 10    Secure Communications Request                                           1 Jan 98   AF
SAP Format 11    Subcontractor Status Report                                             1 Jan 98
SAP Format 12    Waiver Request from Security Criteria                                   1 Jan 98
SAP Format 13    Subcontractor/Supplier Data Sheet                                       1 Jan 98
SAP Format 14    Reserved (unassigned)
SAP Format 15    Facsimile Transmittal-Classified (Optional)                             1 Jan 98
SAP Format 16    Word Processor and Personal Computer Data Sheet                         1 Jan 98
SAP Format 17    Refresher Training Record                                               1 Jan 98
SAP Format 18    Reserved (unassigned)
SAP Format 19a   Special Access Program Review                                           Jan 04
SAP Format 20    Foreign Relative or Associate Interview                                 1 Jan 98
SAP Format 21    Computer System User Acknowledgment                                     1 Jan 98
SAP Format 22    Reserved (unassigned)
SAP Format 23    Reserved (unassigned)
SAP Format 24    Agent of the Government (Appointment)                                   1 Jan 98
SAP Format 25    Agent of the Government (Oath)                                          1 Jan 98
SAP Format 26    Reserved (unassigned)
SAP Format 27    Foreign Contact
SAP Format 28    Courier Designations and Instructions
SAP Format 29    Technology Transfer Request
SAP Format 30    Technology Transfer Log
SAP Format 31    Standard Form 86 Certification (SF86C)

(CLASSIFY AS APPROPRIATE WHEN FILLED IN)

PROGRAM ACCESS REQUEST

1. Program Name
2. Access Level
3. Billet Position □ YES □ NO
   Billet Number:
4. Last Name, First Name, MI
5. Rank/Grade
6. SSN*
7. Date of Birth (YYMMDD)
8. State/Country of Birth
9. □ Military □ Government Civilian □ Contractor
10. Date Needed (YYMMDD)
11. Position Description/Job Title
12. □ Full Time □ Temporary (Period of access) □ Part Time
13. Organization/Company Name
14. Assignment/Job Location (City and State)
15. Command/Facility ID Code
16. Security Clearance
17. Granted By
18. Date Granted
19. Investigation Type
20. Conducted By
21. Date Completed
22. Security Investigation Status
    □ In Progress □ Not Started (See Remarks) □ Current
23. Central Adjudication Review (When Required)
    Conducted By □ Concur □ Non-Concur
24. Justification ( ) include the percentage of time to be spent supporting the program. CONTINUE ON SEPARATE SHEET IF NECESSARY
    Classification

25. REQUESTOR (Functional Manager)
    Typed Name/Title/Organization
    Signature
    □ Concur □ Non-Concur
    Date

26. ACTIVITY SECURITY MANAGER (Government or Contractor)
    Typed Name/Title/Organization
    Signature
    □ Concur □ Non-Concur
    Date

27. GOVERNMENT/CONTRACTOR PROGRAM MANAGER
    Typed Name/Title/Organization
    Signature
    □ Concur □ Non-Concur
    Date

ADDITIONAL COORDINATION (As Required by the Specific Program)

28. Typed Name/Title/Organization
    Signature
    □ Concur □ Non-Concur
    Date

29. Typed Name/Title/Organization
    Signature
    □ Concur □ Non-Concur
    Date

30. Typed Name/Title/Organization
    Signature
    □ Concur □ Non-Concur
    Date

31. PSO
    Typed Name/Title/Organization
    Signature

32. DCII (OK or Referred to CAO on YYMMDD)
    □ Concur □ Non-Concur
    Date

33. FINAL APPROVAL AUTHORITY
    Typed Name/Title/Organization
    Signature
    □ Approved □ Non-Approved
    Date

34. Remarks/Restrictions CONTINUE ON SEPARATE SHEET IF NECESSARY

35. Attachments:                        Not Required   Attached
    Standard Form 86                         □            □
    Local Files Check (DCII)                 □            □
    Foreign Association Questionnaire        □            □
    Other                                    □            □

Derived From:
Declassify On:

*NOTICE: The Privacy Act 5, U.S.C. 522a, requires that federal agencies inform individuals, at the time information is solicited from them, whether the disclosure is mandatory or voluntary, by what authority such
information is solicited, and what uses will be made of the information. You are hereby advised that authority for soliciting your Social Security Account Number (SSAN) is Executive Order 9397. Your SSAN will be used to
identify you precisely when it is necessary to 1) certify that you have access to the information indicated above, or 2) determine that your access to the information indicated has been terminated.
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PROGRAM ACCESS REQUEST 


1 . Program Name 


2. Access Level 


3. Billet Position EH YES □ NO 
Billet Number: 


4. Last Name, First Name, Ml 


5. Rank/Grade 


6. SSN- 


7. Date of Birth (YYMMDD) 


8. State/Country of Birth 


9. 

1 1 Military d Government Civilian 


l~l Contractor 


10. Date Needed (YYMMDD) 


1 1 . Position Description/Job Title 


12. d Full Time d Temporary (Period of access) 

1~1 Part Time 


13. Organization/Company Name 


14. Assignment/Job Location (City and State) 


15. Command/Facility ID Code 


1 6. Security Clearance 


17. Granted By 


1 8. Date Granted 


19. Investigation Type 


20. Conducted By 


21 . Date Completed 


22. Security Investigation Status 

I~1 In Progress d Not Started (See Remarks) d Current 


23. Central Adjudication Review (When Required) 

Conducted By d Concur d Non-Concur 


24. Justification ( ) include the percentage of time to be spent supporting the program. CONTINUE ON SEPARATE SHEET IF NECESSARY 

Classification 


25. REQUESTOR (Functional Manager)
Typed Name/Title/Organization
Signature
□ Concur □ Non-Concur
Date

26. ACTIVITY SECURITY MANAGER (Government or Contractor)
Typed Name/Title/Organization
Signature
□ Concur □ Non-Concur
Date

27. GOVERNMENT/CONTRACTOR PROGRAM MANAGER
Typed Name/Title/Organization
Signature
□ Concur □ Non-Concur
Date

ADDITIONAL COORDINATION (As Required by the Specific Program)

28. Typed Name/Title/Organization
Signature
□ Concur □ Non-Concur
Date

29. Typed Name/Title/Organization
Signature
□ Concur □ Non-Concur
Date

30. Typed Name/Title/Organization
Signature
□ Concur □ Non-Concur
Date

31. PSO
Typed Name/Title/Organization
Signature

32. DCII (OK or Referred to CAO on YYMMDD)
□ Concur □ Non-Concur
Date

33. FINAL APPROVAL AUTHORITY
Typed Name/Title/Organization
Signature
□ Approved □ Non-Approved
Date


34. Remarks/Restrictions CONTINUE ON SEPARATE SHEET IF NECESSARY 


35. Attachments: Not Required Attached 

Standard Form 86 □ □

Local Files Check (DCII) □ □

Foreign Association Questionnaire □ □

Other (LOC) □ □


Derived From: 
Declassify On: 



SAP Format 1a, “Program Access Request,” Jan 1998 PREVIOUS EDITIONS ARE OBSOLETE

*NOTICE: The Privacy Act 5, U.S.C. 522a, requires that federal agencies inform individuals, at the time information is solicited from them, whether the disclosure is mandatory or voluntary,
by what authority such information is solicited, and what uses will be made of the information. You are hereby advised that authority for soliciting your Social Security Account Number
(SSAN) is Executive Order 9397. Your SSAN will be used to identify you precisely when it is necessary to 1) certify that you have access to the information indicated above, or 2) determine
that your access to the information indicated has been terminated.



SPECIAL ACCESS PROGRAM INDOCTRINATION AGREEMENT



An Agreement Between 



and the United States 



(Name - Printed or typed) (Last, First, Middle Initial)

1. I hereby accept the obligations contained in this Agreement in consideration of my being granted access to information or materials protected within Special Access Programs,
hereinafter referred to in this Agreement as SAP information (SAPI). I have been advised that SAPI involves or derives from acquisition, intelligence, or operations and support activities,
and is classified or is in the process of a classification determination under the standards of Executive Order 12958 or other Executive Order or statute. I understand and accept that by
being granted access to SAPI, special confidence and trust shall be placed in me by the United States Government.

2. I hereby acknowledge that I have received a security indoctrination concerning the nature and protection of SAPI, including the procedures to be followed in ascertaining 
whether other persons to whom I contemplate disclosing this information or material have been approved for access to it, and I understand these procedures. I understand that I may be
required to sign subsequent agreements upon being granted access to different categories of SAPI. I further understand that all my obligations under this Agreement continue to exist 
whether or not I am required to sign such subsequent agreements. 

3. I have been advised that the unauthorized disclosure, unauthorized retention, or negligent handling of SAPI by me could cause irreparable injury to the United States or be used 
to advantage by a foreign nation. I hereby agree that I will never divulge anything marked as SAPI or that I know to be SAPI to anyone who is not authorized to receive it without prior 
written authorization from the United States Government department or agency (hereinafter Department or Agency) that authorized my access(es) (identified on the reverse) to SAPI. I 
understand that it is my responsibility to consult with appropriate management authorities in the Department or Agency that last authorized my access to SAPI, whether or not I am still 
employed by or associated with that Department or Agency or a contractor thereof, in order to ensure that I know whether information or material within my knowledge or control that I 
have reason to believe might be SAPI, or related to or derived from SAPI, is considered by such Department or Agency to be SAPI. I further understand that I am also obligated by law 
and regulation not to disclose any classified information or material in an unauthorized fashion. 

4. In consideration of being granted access to SAPI and of being assigned or retained in a position of special confidence and trust requiring access to SAPI, I hereby agree to 
submit for security review by the Department or Agency that authorized my access(es) (identified on the reverse) to such information or material, any writing or other preparation in any 
form, including a work of fiction, that contains or purports to contain any SAPI or description of activities that produce or relate to SAPI or that I have reason to believe are derived from 
SAPI, that I contemplate disclosing to any person not authorized to have access to SAPI or that I have prepared for public disclosure. I understand and agree that my obligation to submit 
such preparations for review applies during the course of my access to SAPI and thereafter, and I agree to make any required submissions prior to discussing the preparation with, or 
showing it to, anyone who is not authorized to have access to SAPI. I further agree that I will not disclose the contents of such preparation to any person not authorized to have access to 
SAPI until I have received written authorization from the Department or Agency that authorized my SAP access(es) (identified on the reverse). 

5. I understand that the purpose of the review described in paragraph 4 is to give the United States a reasonable opportunity to determine whether the preparation submitted 
pursuant to paragraph 4 sets forth any SAPI. I further understand that the Department or Agency to which I have made a submission will act upon it, coordinating within the SAP 
community when appropriate, and make a response to me within a reasonable time, not to exceed 30 working days from date of receipt.

6. I have been advised that any breach of this Agreement may result in the termination of my access to SAPI, removal from a position of special confidence and trust requiring 
such access, or termination of other relationships with any Department or Agency that provides me with access to SAPI. In addition, I have been advised that any unauthorized 
disclosure of SAPI by me may constitute violations of United States criminal laws, including the provisions of Sections 793, 794, 798, and 952, Title 18, United States Code, and of 
Section 783(a), Title 50, United States Code. Nothing in this Agreement constitutes a waiver by the United States of the right to prosecute me for any statutory violation. 

7. I understand that the United States Government may seek any remedy available to it to enforce this Agreement including, but not limited to, application for a court order 
prohibiting disclosure of information in breach of this Agreement. I have been advised that the action can be brought against me in any of the several appropriate United States District 
Courts where the United States Government may elect to file the action. Court costs and reasonable attorneys fees incurred by the United States Government may be assessed against
me if I lose such action. 

8. I understand that all information to which I may obtain access by signing this Agreement is now and will remain the property of the United States Government unless and until 
otherwise determined by an appropriate official or final ruling of a court of law. Subject to such determination, I do not now, nor will I ever, possess any right, interest, title, or claim 
whatsoever to such information. I agree that I shall return all materials that may have come into my possession or for which I am responsible because of such access, upon demand by 
an authorized representative of the United States Government or upon the conclusion of my employment or other relationship with the United States Government entity providing me 
access to such materials. If I do not return such materials upon request, I understand this may be a violation of Section 793, Title 18, United States Code. 

9. Unless and until I am released in writing by an authorized representative of the Department or Agency that provided me the access(es) (identified on the reverse) to SAPI, I 
understand that all conditions and obligations imposed upon me by this Agreement apply during the time I am granted access to SAPI, and at all times thereafter.

10. Each provision of this Agreement is severable. If a court should find any provision of this Agreement to be unenforceable, all other provisions of this Agreement shall remain in 
full force and effect. This Agreement concerns SAPI and does not set forth such other conditions and obligations not related to SAPI as may now or hereafter pertain to my employment
by or assignment or relationship with the Department or Agency. 

11. I have read this Agreement carefully and my questions, if any, have been answered to my satisfaction. I acknowledge that the briefing officer has made available Sections 793,
794, 798, and 952 of Title 18, United States Code, and Section 783(a) of Title 50, United States Code, and Executive Order 12958, as amended, so that I may read them at this time, if I
so choose. 

12. I hereby assign to the United States Government all rights, title and interest, and all royalties, remunerations, and emoluments that have resulted, will result, or may result from
any disclosure, publication, or revelation not consistent with the terms of this Agreement.

13. These restrictions are consistent with and do not supersede, conflict with, or otherwise alter the employee obligations, rights, or liabilities created by Executive Order 12958; 
Section 7211 of Title 5, United States Code (governing disclosures to Congress); Section 1034 of Title 10, United States Code, as amended by the Military Whistleblower Protection Act 
(governing disclosure to Congress by members of the Military); Section 2302 (b)(8) of Title 5, United States Code, as amended by the Whistleblower Protection Act (governing disclosures of 
illegality, waste, fraud, abuse or public health or safety threats); the Intelligence Identities Protection Act of 1982 (50 USC 421 et seq.) (governing disclosures that could expose confidential
Government agents), and the statutes which protect against disclosure that may compromise the national security, including Section 641, 793, 794, 798, and 952 of Title 18, United States
Code, and Section 783(a) of Title 50, United States Code. The definitions, requirements, obligations, rights, sanctions and liabilities created by said Executive Order and listed statutes are
incorporated into this Agreement and are controlling. 
(CLASSIFY AS APPROPRIATE WHEN FILLED IN)




14. This Agreement shall be interpreted under and in conformance with the law of the United States.

15. I make this Agreement without any mental reservation, purpose of evasion, and in absence of duress. 



Signature Date 

The execution of this Agreement was witnessed by the undersigned who accepted it on behalf of the United States Government as a prior condition of access to Special 
Access Program information.



WITNESS and ACCEPTANCE: 



Signature Date 

SECURITY BRIEFING / DEBRIEFING ACKNOWLEDGMENT 




SSN (See Notice Below) Printed or Typed Name Organization

BRIEF Date DEBRIEF Date

I hereby acknowledge that I was briefed on the above SAP(s):

Having been reminded of my continuing obligation to comply with the terms of this Agreement, I hereby acknowledge that I was debriefed on the above SAP(s):

Signature of Individual Briefed Signature of Individual Debriefed

I certify that the briefing presented by me on the above date was in accordance with relevant SAP procedures. 



Signature of Briefing Officer 


Signature of Debriefing Officer 


Printed or Typed Name


Printed or Typed Name


SSAN (see notice below) 


SSAN (see notice below) 


Organization (Name and Address) 


Organization (Name and Address) 



SAP Format 2, “Special Access Program Indoctrination Agreement,” Jan 1998 PREVIOUS EDITIONS ARE OBSOLETE 

NOTICE: The Privacy Act, 5 U.S.C. 522a, requires that federal agencies inform individuals, at the time information is solicited from them, whether the disclosure is mandatory or voluntary, by what authority such information 
is solicited, and what uses will be made of the information. You are hereby advised that authority for soliciting your Social Security Account Number (SSN) is Executive Order 9397. Your SSN will be used to identify you 
precisely when it is necessary to 1) certify that you have access to the information indicated above, 2) determine that your access to the information indicated has terminated, or 3) certify that you have witnessed a briefing or 
debriefing. Although disclosure of your SSN is not mandatory, your failure to do so may impede such certifications or determinations. 
REQUEST FOR FACILITY CLEARANCE ACTION



FROM: Date: 

THRU: (PSO) 

TO:

□ Establish “covered” facility clearance 

□ TOP SECRET □ SECRET □ CONFIDENTIAL 

□ Change in level of facility clearance 

FROM TO 

□ Confirm Carve-Out



CONTRACTOR IDENTITY 

Name of Facility 

Address 




CAGE 

Specific Location of Carve-Out 
Contract Number 



POINTS OF CONTACT 

Secure Phone 

Secure Phone _ 

PSO ENDORSEMENT 




PROGRAM MANAGEMENT ENDORSEMENT 
Contractor POC
Gov POC



DATE/TIME: 



CONTROL # 



PRECEDENCE. 



FROM: 



OFFICE SYMBOL 



PHONE# 



TO: SAF/AQLE (703)979-2407 (MODE 6) 

PROGRAM: 



SUBJECT: SENIOR STAR Airlift Request (U) 

ITINERARY (Fill in most important time block; remainder will be completed by AMC) 



Location Requested Date Requested Time (Local) 




PASSENGERS (If O-7 or civilian equivalent, include title)



Rank 



Name 



Rank 



Name 




BOXES/CARGO (Number, size and approximate weight. Boxes must fit in a safe drawer for emergency storage.) 



Number 



Weight 




POINTS OF CONTACT 



Location 



SAF/AQL 



AMC CP 



Name 




Phone Number 



(703) 697-9650/6174 



(618) 256-2981/5970 
INADVERTENT DISCLOSURE STATEMENT

1. Information from a class of Defense information, the source of which cannot be disclosed,
has been either discussed with you or exposed to your view. This disclosure was
unintentional; therefore it is necessary to acquaint you with the laws on the subject, and
for you to execute this statement binding you to secrecy in connection with any
information you may have gained from the disclosure.

2. The importance of safeguarding this information cannot be overemphasized. The time limit
for safeguarding of such information NEVER expires. You are directed to avoid all
references to the existence of this information or words which identify it.

3. Although you inadvertently gained information not intended for you, your signature below
does NOT constitute an indoctrination of clearance or access to such information.



STATEMENT 

I hereby affirm that I have read and fully understand the letter of instructions for 
maintaining the security of defense information. I certify that I shall never divulge any 
information which I may have learned from my having been exposed to this information, 
nor will I reveal to any person whomsoever, my knowledge of the existence of such 
information. I further certify that I shall never attempt to gain access to such information 
henceforth. I understand that transmission or revelation of this information in any manner 
to an unauthorized person is punishable under U.S. Code Title 18, Sections 793 and 794. 



SIGNATURE ORGANIZATION/FIRM and LOCATION 



PRINTED NAME DATE 



Witnessed this day of 



Signature of Witness 

SAP Format 5, “Inadvertent Disclosure Statement,” Jan 1998 PREVIOUS EDITIONS ARE OBSOLETE 
NOTIFICATION OF FOREIGN TRAVEL



TO: PERSONNEL SECURITY MANAGER (Please do not list organization on this line) 

1. BACKGROUND: 

a. Travel outside of the United States is a matter of security interest in view of the clearances you hold. Such 
travel includes points in Canada, the Caribbean, Mexico, and Europe, as well as more distant places. 

b. Knowledge of your whereabouts is needed primarily for personal protection and as a guide in locating you 
should an official search be required. Your itinerary should be adhered to as closely as possible. 

c. If major changes are made or if your estimated return date is extended by 24 hours or more, please advise 
Security accordingly to forestall any unnecessary concern as to your whereabouts. Contact Security upon 
your return for a debriefing. Any incidents of an intelligence nature which may have occurred must be 
reported. 

2. Please complete the following information (paragraph 2a-d) and read paragraph 3a-j, Foreign Travel
Briefing. Sign, date and return to Security at least thirty (30) days prior to your departure. When you
return, arrange to complete paragraph 4, Foreign Travel Debriefing.

a. THIS TRAVEL IS: □ OFFICIAL □ PERSONAL 

b. 



NAME (Last, First, MI)


SSAN 


HOME ADDRESS 


HOME TELEPHONE 


ORGANIZATION 

PERSON WHO KNOWS YOUR PLANS AND WHEREABOUTS: 


WORK TELEPHONE 


NAME (Last, First, MI)


HOME TELEPHONE 



HOME ADDRESS WORK TELEPHONE 

d. DESTINATION ITINERARY: If more than one foreign country is to be visited, list countries in 
scheduled order of visit, together with all side trips and stopovers. 



PLACE 


DATE(S) 


CARRIER 


CONTACTS 



























Expected date of return to the US 

TRAVELER’S SIGNATURE DATE 



SECURITY CONCUR 

SAP Format 6, “Notification of Foreign Travel,” Jan 1998 PREVIOUS EDITIONS ARE OBSOLETE 
3. As you prepare to travel outside of the United States, you may find yourself traveling to or through a country whose
interests are inimical to those of the U.S. First and foremost, it is important that you be reminded of the continuing
need to safeguard the classified information you carry around in your head and the broadening efforts of foreign
intelligence services around the world. Second, this briefing is to impart a number of helpful tips so you can avoid
situations which could cause you delay, embarrassment, or to be arrested while traveling.

a. Don’t mention, discuss or even imply involvement in special or classified projects or activities. 

b. Never take sensitive or classified material outside of the U.S. without written approval from the PSO. 

c. Avoid moral indiscretions or illegal activity which could lead to compromise or blackmail. 

d. Don’t accept letters, photographs, material or information to be smuggled out of the country. 

e. Be careful of making statements which could be used for propaganda purposes. Don’t sign petitions, 
regardless of how innocuous they may appear. 

f. Remember that all mail is subject to censorship. Be careful not to divulge personal or business matters 
which could be used for exploitation or propaganda purposes. 

g. Never attempt to photograph military personnel or installations or other restricted/controlled areas. 

h. Beware of overly friendly guides, interpreters, waitresses, hotel clerks, etc., whose intentions may go beyond 
being friendly. 

i. Carefully avoid any situation which, in your best judgment, would provide a foreign service with the means 
for exerting coercion or blackmail. 

j. Report to Security upon your return for debriefing. Incidents of an intelligence nature or foreign national 
contact must be reported. 

Receipt and contents acknowledged: 



Signature of Traveler Date Signature of Organization Travel Monitor 

4. After you return, please arrange with your Organization Travel Monitor/security person to complete the debriefing 
below: 

Foreign Travel Debriefing 

To be completed after you return 



a. Did you deviate from the itinerary you provided prior to your departure? □ Yes □ No 

b. Did you have contact with anyone under circumstances you would consider as □ Yes □ No 

suspicious or unusual? 

c. If you answered “YES” to either of the above questions, explain on attached sheet. 

Interview conducted by Date 

SAP Format 6, “Notification of Foreign Travel,” Jan 1998 PREVIOUS EDITIONS ARE OBSOLETE



DATE/TIME: CONTROL# 

FROM: OFFICE SYMBOL 

TO: 

INFO: 





2. (U) Visit is approved by Date: 



PRIVACY ACT STATEMENT 

AUTHORITY: 10 U.S.C. 3101 & EO 9397

PRINCIPAL PURPOSE: FOR GRANTING VISIT APPROVAL TO A CLASSIFIED PROGRAM FACILITY AND TO AUTHORIZE

ACCESS TO PROGRAM MATERIAL. 

ROUTINE USE: TO RECORD VISIT APPROVAL. USE OF SSAN IS NECESSARY TO MAKE POSITIVE 

IDENTIFICATION OF THE INDIVIDUAL AND RECORDS. 

DISCLOSURE IS VOLUNTARY; FAILURE TO PROVIDE THE INFORMATION AND SSAN COULD RESULT IN APPROVAL BEING DENIED. 

Derived From: 

Declassify On: 

SENT BY: 

SAP Format 7, “Visit Notification,” Jan 1998 PREVIOUS EDITIONS ARE OBSOLETE



PRECEDENCE 

PHONE# 
















DATE/TIME: 

FROM: 

TO: 

INFO: 



SUBJECT: TECHNICAL VISIT REQUEST (U) 

SECTION II - BRIEFING DATA 



1. SUBJECT/TITLE OF ORIGINAL INFORMATION 


2. MASTER LIBRARY DCN: 


3. BRIEFER: (NAME/COMPANY) 


4. SPONSOR: (NAME/AGENCY) 


5. REQUESTOR: (NAME/COMPANY) 


6. PHONE NUMBER: (REQUESTOR/STU III)


7. JUSTIFICATION: (Classification- ) 



SECTION III - INDIVIDUALS RECEIVING BRIEFING 



SECTION I - FAX TRANSMITTAL DATA 

CONTROL NO. PRECEDENCE 

OFFICE SYMBOL PHONE# 



(U) NAME | (U) SSAN | (U) CLEARANCE & INVESTIGATION | (C/SAR) PROGRAM/LEVEL OF ACCESS | (U/HVSACO) DATE(S) OF VISIT

SECTION IV - COORDINATION/APPROVAL 



8. REQUESTOR SECURITY: (Signature) 


(Date) 


9. SPONSOR SECURITY: (Signature) 


(Date) 


10. REQUESTOR NOTIFIED: (Name of Person & Means of Notification) 


(Date) 



PRIVACY ACT STATEMENT 



AUTHORITY: 10 U.S.C. 3101 and EO 9397

PRINCIPAL PURPOSE: FOR GRANTING VISIT APPROVAL TO A CLASSIFIED PROGRAM FACILITY AND TO AUTHORIZE ACCESS TO

PROGRAM MATERIAL. 

ROUTINE USE: TO RECORD VISIT APPROVAL. USE OF SSAN IS NECESSARY TO MAKE POSITIVE IDENTIFICATION OF THE 

INDIVIDUAL AND RECORDS. 

DISCLOSURE IS VOLUNTARY; FAILURE TO PROVIDE THE INFORMATION AND SSAN COULD RESULT IN APPROVAL BEING DENIED. 



11. SPECIAL PROCEDURES: 



Derived From: 
Declassify On: 



SAP Format 7L, “Technical Visit Request,” Jan 1998 PREVIOUS EDITIONS ARE OBSOLETE 






TSCM Request (U) 



(U) FACILITY. 
(U) STREET
(U) CITY 



(Date of Request) 



(Organization/Company Name) 



(Complete Address) 

STATE 



ZIP 



(S/SAR) BLDG NUMBERS. 



TOTAL NUMBER REQUESTS 



(Program Areas) 



(S/SAR) ROOM NUMBERS 



(Submit a Separate Request for Each Facility) 



(Program Areas) (Total Sq Ft) 



(S/SAR) DATE ALL CONSTRUCTION COMPLETED. 



(If Applicable) 



(S/SAR) DATE ALL EQUIPMENT/FURNISHING IN PLACE. 
(U) HIGHEST CLASSIFICATION LEVEL 



(Equipment Must Be Operational) 

(S/SAR) DESIRED DATE 



(S/SAR) DATE OF LAST SURVEY 

(If Known) 

(U) GOVT SECURITY MANAGER 



FILE NO 



(If Known) 



WORK PHONE_ 
HOME PHONE 



(U) FACILITY POC 

(Security Manager) 

(U) ALTERNATE POC 

(Alternate Security Manager) 

(S/SAR) REASON SURVEY NEEDED



WORK PHONE 



HOME PHONE 



WORK PHONE_ 
HOME PHONE 



(Signature of In-Place Security Manager) (Signature of Govt Program Security Officer) 

(U) Note: At a minimum, include a sketch or building diagram. When available, submit blueprints. Include overall area/facility maps. Clearly outline 
program areas on submitted documents. Also provide information regarding physical characteristics such as construction, types and locations of 
equipment (computers, alarms, radio equipment), windows and any other factor potentially affecting security. Preferred method of receipt is on 8 1/2” x 
11” paper. Use of this size may require copy reduction. If not feasible, forward attachments separately. 

DERIVED FROM: 

DECLASSIFY ON: 

SAP Format 8, “TSCM Request,” Jan 1998 PREVIOUS EDITIONS ARE OBSOLETE




DATE/TIME: CONTROL NO. PRECEDENCE 

FROM: PHONE# 

NAME OF SERVICING GOVERNMENT PSO: 

TO: SAF/AQ Central Adjudications Facility (513) 252-1658

SUBJECT: REQUEST FOR FILES CHECK 

Request a files check be conducted on the following personnel: 




NOTE: Alphabetize by last name. 

COVER ONLY: X 

SENT BY: 

SAP Format 9, “Request for Files Check,” Jan 1998 PREVIOUS EDITIONS ARE OBSOLETE



*NOTICE: The Privacy Act 5, U.S.C. 522a, requires that federal agencies inform individuals, at the time information is solicited from them, whether the disclosure is mandatory or voluntary, by what authority
such information is solicited, and what uses will be made of the information. You are hereby advised that authority for soliciting your Social Security Account Number (SSAN) is Executive Order 9397. Your SSAN
will be used to identify you precisely when it is necessary to 1) certify that you have access to the information indicated above, or 2) determine that your access to the information indicated has been terminated.






SECURE COMMUNICATIONS REQUEST

FROM: DATE:

TO:

THRU:

SECTION I - GENERAL INFORMATION

1. Name of Program:

2. Company/Agency:

3. Building Number: Room Number:

4. Street Address:

5. City/State/Zip Code:

6. Points of Contact:

7. Phone Numbers:

SECTION II - SERVICE REQUIRED

8. Service:

9. Key Level:

10. Required Operational Date:

11. Justification:

SECTION III - VALIDATION

12. Contractor Security Manager: (Signature) Date:

13. Government Security Manager: (Signature) Date:

14. Program Security Officer: (Signature) Date:

15. RFS Number:

16. Telephone Service
□ Gov’t office w/sterile lines □ Contractor facility w/sterile lines
□ Gov’t office providing own support □ Contractor facility w/non-sterile lines

17. Communications Special Projects Manager: (Signature) □ Concur □ Non-Concur Date:

Derived From:

Declassify On:


SAP Format 10, "Secure Communications Request,” Jan 1998 PREVIOUS EDITIONS ARE OBSOLETE (Preparation Instructions On Reverse) 



The following instructions provide a detailed description of the information required to complete this form. Each entry has been 
numbered to permit ease in completion. 

TO: Route through the Government Program Manager and then to the Program Security Officer (PSO). Failure to follow this sequence 
results in rejection of this request. 

1. Whenever possible, provide the specific program name, rather than a study or a project number.

2 thru 5. Be specific and provide accurate information. Make sure changes in this information between the time the request is 
submitted and the service provided are reported to the PSO to permit relay to the installers. 

6. Two POCs are required. POCs should be the persons who have been previously assigned as the primary and alternate COMSEC 
managers for existing locations, or those persons who will be COMSEC managers for the new location. 

7. When possible, provide existing STU III secure phone numbers. 

8. Provide details (which includes the following) for each type of service: 

STU III - Provide quantity of phones required, whether single or multi-line versions are needed (multi-line instruments are designed 
to operate on a 1A2 key system), and state what type of devices are required or planned to be used on the data port. Requests
for facsimile service supported by a STU III may be combined with one STU III request. 

FAXNET (Facsimile supported as a closed net using KG-84a Crypto) - Identify the net which you will be required to communicate 
with. If a new net is being established, a separate form must be prepared for each requirement. Identify the number of locations 
anticipated to be activated in the net over the next two years. 

KG Support for Computer dial-ups, high-speed links, etc. - Provide a complete description of the intended installation, to include 
wiring diagrams showing signal connections to the KG on both the red and black side. The customer provides the installation 
support of all of the other components of the system, with the exception of the COMSEC. The customer also installs the 
appropriate cabling from the customer equipment to the point of installation for the COMSEC. 

9. Enter SCI, Top Secret, or Secret. Bear in mind for Top Secret or SCI keys to be issued, personnel with the appropriate clearances 
must be available. 

10. The following minimum lead times have been established as a guide which may vary depending upon the type of service requested 
and are obtained from the communications community from the time they receive the request from the PSO. (Allow extra time to 
process the request within your own channels): 

Equipment or Keying Material Support Only - 90 days 

Requests Requiring Leasing 9.6kb Data Service or Business Telephone Service to Support a Government Location - 90 days 
Requests Requiring the Lease of Services Greater than 9.6kb to Support a Government Location - 120 days 

11. Be specific. Government Program and Security Managers use this information to validate the request.

12. Applies only to contractor requests. 

13. Channel all requests through the appropriate Program Manager prior to submission to the PSO. 

14 thru 16. For PSO use only. Separate instructions have been provided. 

16. Contractors provide the leased telephone services for their requirements. “Sterile” (foreign exchange) service is normally required. 
The PSO may permit a large contractor to use standard commercial service, but the PSO must sign a waiver assuming the risk. 
Contact the PSO for further information. 

For Government locations, unless sterile lines are required, the customer arranges for telephone service support from the local base. If 
sterile lines are required, the PSO validates such need and requests the service on this form. DO NOT route telephone service through 
the base switchboard. 







SUBCONTRACTOR STATUS REPORT (U)

□ 1st Tier □ 2nd Tier □ 3rd Tier

1. Company/Address

2. Sterile Address

3. Prime

4. Convenience Code

5. Facility Clearance

6. Facility Code

7. Telephone

8. Sterile Phone

9. Number of Personnel Briefed: Ceiling Total
Level I Level II Level III Level IV

10. Product/Service

11. Program/Project Classification Level

12. CSM

13. PM

14. Prime Security Rep

15. Prime Procurement Rep

16. Secure Phone #

17. Secure Fax Yes No

18. Storage Authority

19. Contract Value

20. DD Form 254 Date

21. Security Plan Date

22. Date of Last Insp

23. Rating

24. Classified Holdings (Update Yearly)
Confidential Secret Top Secret

25. Status












SAP Format 11, “Subcontractor Status Report,” Jan 1998 PREVIOUS EDITIONS ARE OBSOLETE Attachment Yes □ No □ 



(CLASSIFY AS APPROPRIATE WHEN FILLED IN) 











WAIVER REQUEST FROM SECURITY CRITERIA (U) 

Date 



1. Request Number 2. Expiration Date

3. From Thru To 

4. Type Request (check one) □ Facility □ Equipment □ Procedural 

□ Equivalent □ Other 

5. REFERENCE Directive # Paragraph # 

6. Affected Area/Function 

7. Brief Description of Specific Requirement 

8. Brief Description of Deficiency 

9. Proposed Corrective Action 

10. Justification 

11. Compensatory Measures

12. Estimated Cost of Correction 

13. Estimated Correction Date 

SAP Format 12, “Waiver Request From Security Criteria,” Jan 1998 PREVIOUS EDITIONS ARE OBSOLETE Derived From:

Declassify On: 



(CLASSIFY AS APPROPRIATE WHEN FILLED IN) 












(CLASSIFY AS APPROPRIATE WHEN FILLED IN) 



14. Requester Coordination 






Office 


Name 


Initials 



Name of Program Manager 


Signature 


Date 


Name of Security Manager 


Signature 


Date 



15. Reviewing Official Coordination & Recommendation 

Approval Disapproval 

Comments 

Name of Reviewing Official 

Activity Represented 

Signature 

16. Approval Authority Coordination

Approved Disapproved

Comments

Signature

17. Additional Information from Previous Page as Required (Indicate Item #)



(CLASSIFY AS APPROPRIATE WHEN FILLED IN) 












(CLASSIFY AS APPROPRIATE WHEN FILLED IN) 





SUBCONTRACTOR/SUPPLIER DATA SHEET (U) 






1. 


Prime Contractor 


Subcontractor/supplier 










Address 






2. 


Initial Meeting 










Date 


Attended By 








Location 


















3. 


Type of Procurement: Sole Source 




□ Yes 


□ No 


4. 


Product 


Classification 






5. 


Subcontractor/Supplier Data 










DoD Facility Clearance Level 


Date Granted 








DoD Storage Level


CAGE 








Other Contracts with Prime 










Approx Percentage of Firm’s Business


Project Number/Name






6. 


Cover Story 









7. Subcontractor/Supplier Contracts Sterile Phone Numbers 

Program Management 

Technical 

Contracts 

Security 

8. Sterile Address 

Name 

Address City State Zip 

9. Secure Communication Voice Fax 

10. Proposed Work Area/Location

11. Proposed Personnel Program Accesses

Level I Level II Level III Level IV

12. Proposed Program Classified Storage

Storage NOT Approved

Level Approved

Storage Containers

Class VI

13. Remarks



(CLASSIFY AS APPROPRIATE WHEN FILLED IN) 









(CLASSIFY AS APPROPRIATE WHEN FILLED IN) 



DATE/TIME: 


CONTROL # 


PRECEDENCE 


FROM: 


OFFICE SYMBOL 


PHONE# 


TO: 






INFO: 







SUBJECT: 

REFERENCE: 



COVER ONLY : COVER PLUS: Derived From: 

Declassify On: 

SENT BY: 

RETURN RECEIPT (FOR TOP SECRET ONLY) 

(RECEIVER) (DATE) 

SAP Format IS, "Facsimile Transmittal Form - Classified,” Jan 1998 PREVIOUS EDITIONS ARE OBSOLETE 



(CLASSIFY AS APPROPRIATE WHEN FILLED IN) 



Page 



of










SAP Format 15, “Facsimile Transmittal Continuation Sheet - Classified,” Jan 1998 PREVIOUS EDITIONS ARE OBSOLETE 



(CLASSIFY AS APPROPRIATE WHEN FILLED IN) 



Page 



of 







(CLASSIFY AS APPROPRIATE WHEN FILLED IN) 

WORD PROCESSOR AND PERSONAL COMPUTER DATA SHEET
SYSTEM NUMBER: 

DATE SUBMITTED: 

DATE APPROVED: 

DATE IMPLEMENTED: 

LEVEL OF CLASSIFIED PROCESSING: MODE OF OPERATIONS: 

PERCENTAGE USED FOR CLASSIFIED: HOURS OF OPERATION: 

MANUFACTURER MODEL SERIAL 

NAME NUMBER 

KEYBOARD 

MOUSE 

MONITOR 

SYSTEM UNIT 

DISK DRIVE 

PRINTER 




OPERATING SYSTEM: 
APPLICATION SOFTWARE 





PSO SIGNATURE DATE 

SAP Format 16, “Word Processor and Personal Computer Data Sheet,” Jan 1998 PREVIOUS EDITIONS ARE OBSOLETE



SEAL 

NUMBER 



EQUIPMENT 
(I/O DEVICES) 



FACILITY: 

ROOM: 

USER: 

CUSTODIAN: 



INITIAL SUBMISSION □ 

CONFIGURATION CHANGE □ 
ADDITION □ DELETION □ 
RECERTIFICATION □ 



(CLASSIFY AS APPROPRIATE WHEN FILLED IN) 






























(CLASSIFY AS APPROPRIATE WHEN FILLED IN) 



Refresher Training Record 

For CY 

This format provides for documentation of annual refresher training. This training may be accomplished throughout the year or 
at one session. The “COMPUTER SECURITY” listing is mandatory if the individual uses a computer. 

Mandatory Topics Covered Date Completed Programs/Projects 



(Convenience Codes May Be Used) 



□ 


Foreign Intelligence Techniques 




□ 


Threat Reporting 




□ 


Effects of Unauthorized Disclosure 




□ 


Program Vulnerabilities/Threat & OPSEC 




□ 


Adverse Information Reporting 




□ 


Reporting Fraud, Waste & Abuse 




□ 


Derivative Classification & Marking 




□ 


Telephone Security/STU IIIs




□ 


Security Inspection Common Problems 




□ 


Computer Security 

AIS Operating Procedures 


Videos/Films Shown 


□ 


Audit Trails 




□ 


Logs, Forms & Receipts 




□ 


Media Protection 




□ 


Use of System 




□ 


Copyright Laws & Licensing Agreements 




□ 


Other Topics Covered

Visitor Procedures


□


Document Control


□


□


□


□


Personal Status

(Optional)

I was provided an opportunity to review my DoD Personnel Security Questionnaire and report/change any previously unreported personal status changes.

Individual’s Initials:



Printed Name Organization/Firm 



Signature Location 



Security Education Manager (SEM) or Instructor 



SAP Format 17, “Refresher Training Record,” Jan 1998 PREVIOUS EDITIONS ARE OBSOLETE (File in Individual Personnel Records) 



(CLASSIFY AS APPROPRIATE WHEN FILLED IN) 








(CLASSIFY AS APPROPRIATE WHEN FILLED IN) 



SPECIAL ACCESS PROGRAM REVIEW REPORT 


SECTION I - BASELINE FACILITY DATA 


SAPCODE: 














FACILITY CATEGORY: _ 




FACILITY CLEARANCE LEVEL: 




NO. EMPLOYEES: 


NO. CLEARED EMPLOYEES: 


NO. FOREIGN NATIONALS: _ 




SECTION II - PROGRAM-SPECIFIC DATA 


SCOPE OF ACTIVITY: 




CATEGORY OF PROGRAM: 






PROGRAM ACCESS LEVEL: 












PREVIOUS REVIEW DATE: 


CURRENT REVIEW DATE: 


NEXT REVIEW DATE: 




TYPE OF REVIEW: 




OVERALL RATING: 






APPROXIMATE NUMBER OF DOCUMENTS/MEDIA UNDER CONTROL: 




CONFIDENTIAL 




SECRET 




TOP SECRET 




DOCS MEDIA 




DOCS MEDIA 




DOCS MEDIA 




NUMBER OF PERSONS ACCESSED: TIME EXPENDED: T. 


R. A. P. 


















SECTION III - ELEMENTS OF REVIEW (Check if completed.) 


FUNCTIONAL AREA 




FUNCTIONAL AREA 




FUNCTIONAL AREA 




Management Oversight 


□ 


Courier Activity 


□ 


ITAR/Export Issues 


□ 


Access Authorizations 


□ 


AIS 


□ 


Counterintelligence 


□ 


Indoctrination Briefing 


□ 


Disposition 


□ 


Public Release 


□ 


Classification Guidance 


□ 


Reports Submitted 


□ 


COMSEC 


□ 


Storage 


□ 


Foreign Travel 


□ 


Employee Interviews 


□ 


Material/Controls 


□ 


Long-Term Foreign Visitors 


□ 


Co-utilization 


□ 


Transmission 


□ 


FOCI 


□ 






SECTION IV - REPORT PROCESSING 


CORRECTIVE ACTION REPORT: 












DISTRIBUTION: □ Special Program Manager □ SPD □ Other




REMARKS: 


13. SIGNATURE: 


14. DATE OF REPORT: 













SAP Format 19A, "Special Access Program Review Report" 3/00 



(CLASSIFY AS APPROPRIATE WHEN FILLED IN) 








(CLASSIFY AS APPROPRIATE WHEN FILLED IN) 

FOREIGN RELATIVE OR ASSOCIATE INTERVIEW 

Interviewee’s Name: 

Interviewee’s SSAN: Date of Interview: 

Name of Relative or Associate: 

Relationship: Citizenship: 

Current Address: 

City/Country: 

Has the relative or associate ever visited the U.S.? Port of Entry: 

When and for how long? 

Frequency? 

Most recent visit? 

What is the relative’s or associate’s line of work? (If government employee, determine level: local, national, etc.) 

Initial contact date/circumstances? 

Frequency of interviewee’s contact with relative or associate? 

When/where did the last contact occur? (letter, phone call, in person, etc.) 

Interviewee’s reaction to any undue interest in his/her job? 

Does or would the interviewee provide significant support? (If so, what type?) 

Interviewee’s bond with, affection for, or obligation to the relative or associate? 

Would the relative’s or associate’s welfare and safety be of significant concern (hostage situation)?

Interviewee’s reaction to such a situation? 

Remarks: 

Security Representative’s Signature and Date: 

SAP Format 20, “Foreign Relative or Associate Interview,” Jan 1998 PREVIOUS EDITIONS ARE OBSOLETE 

*NOTICE: The Privacy Act, 5 U.S.C. 552a, requires that federal agencies inform individuals, at the time information is solicited from them, whether the disclosure is mandatory or voluntary, by what authority such information is
solicited, and what uses will be made of the information. You are hereby advised that Authority for soliciting your Social Security Account Number (SSAN) is Executive Order 9397. Your SSAN will be used to identify you 
precisely when it is necessary to 1) certify that you have access to the information indicated above, or 2) determine that your access to the information indicated has been terminated. 

(Use additional sheets for Remarks, as needed) 



(CLASSIFY AS APPROPRIATE WHEN FILLED IN) 











(CLASSIFY AS APPROPRIATE WHEN FILLED IN) 



COMPUTER SYSTEM USER 

ACKNOWLEDGEMENT STATEMENT 

I UNDERSTAND THAT AS A COMPUTER SYSTEM USER, IT IS MY RESPONSIBILITY TO COMPLY WITH ALL SECURITY
MEASURES NECESSARY TO PREVENT UNAUTHORIZED DISCLOSURE, MODIFICATION, OR DESTRUCTION OF
INFORMATION. I HAVE READ THE COMPUTER SYSTEM STANDARD OPERATING PROCEDURES FOR THE SYSTEM(S) TO
WHICH I HAVE ACCESS AND AGREE TO:

1. Protect and safeguard information in accordance with the System Operating Procedures.

2. Sign all logs, forms and receipts as required. 

3. Escort personnel not on the access list for the environment in such manner as to prevent their access to data which 
they are not entitled to view. 

4. Protect all media used on the system by properly classifying, labeling, controlling, transmitting and destroying it in
accordance with security requirements. 

5. Protect all data viewed on the screens and/or hardcopies at the highest classification level of the data processed 
unless determined otherwise by the data owner. 

6. Notify the System Security Custodian of all security violations, unauthorized use, and when I no longer have a need to 
access the system (i.e., transfer, termination, leave of absence, or for any period of extended non-use). 

7. Use of the system is for the purpose of performing assigned organizational duties, never personal business and I will 
not introduce, process, calculate, or compute data on these systems except as authorized according to these 
procedures. 

8. Comply with all software copyright laws and licensing agreements. 



Initial Certification 


PRINTED NAME OF USER 




SIGNATURE OF USER 




PRINTED NAME OF CUSTODIAN 




SIGNATURE OF CUSTODIAN 




ORGANIZATION/FIRM 




DATE 




Annual Recertification 


SIGNATURE OF USER 


DATE 


SIGNATURE OF USER 


DATE 


SIGNATURE OF USER 


DATE 


SIGNATURE OF USER 


DATE 


SIGNATURE OF USER 


DATE 


SIGNATURE OF USER 


DATE 


SIGNATURE OF USER 


DATE 


SIGNATURE OF USER 


DATE 



SAP Format 21, “Computer System User Acknowledgement Statement,” Jan 1998 PREVIOUS EDITIONS ARE OBSOLETE 



(CLASSIFY AS APPROPRIATE WHEN FILLED IN) 
















(CLASSIFY AS APPROPRIATE WHEN FILLED IN) 



LETTER OF APPOINTMENT 



To: 



Company: 



Subject to your acceptance and execution of the Oath of Confidentiality attached hereto, you are hereby appointed an 
Agent of the United States Government for the Program. This appointment is for the limited purpose of reviewing 
Personnel Security Questionnaires (PSQs), Security Questionnaires (SQs), and Program Access Request packages 
(PARs) for accuracy, completeness, and obvious disqualifying factors. 

For the limited purposes of this agency you are obligated to treat personnel information as data protected by the 
Privacy Act (5 U.S. Code 552a) for all employees of your parent company whose questionnaires you review. Disclosure of 
personal information to any person not authorized to receive it may subject you to sanctions, including criminal penalties, 
provided by the Privacy Act, and to appropriate administrative and civil remedies. 

Should you decline to accept, or refuse to execute the Oath of Confidentiality attached hereto, you should consider 
this tender of appointment to be canceled. 



Program Security Officer 



SAP Format 24, “Agent of the Government (Appointment),” Jan 1998 PREVIOUS EDITIONS ARE OBSOLETE 



(CLASSIFY AS APPROPRIATE WHEN FILLED IN) 






(CLASSIFY AS APPROPRIATE WHEN FILLED IN) 



ACCEPTANCE OF APPOINTMENT 
AND OATH OF CONFIDENTIALITY 

I, , the undersigned, do hereby accept appointment as an Agent of the 

United States Government for the Program for the limited purpose of 

reviewing Personnel Security Questionnaires (PSQs), Security Questionnaires (SQs) and Program Access 
Request packages (PARs) for accuracy, completeness, and obvious disqualifying factors revealed in the 
PSQs, SQs or PARs. 

I acknowledge that in accepting this appointment as an Agent of the Government, I agree that I will not 
disclose to any person, not lawfully entitled to receive it within the scope of this employment or agency with
the U.S. Government, personal information revealed on the PSQs, SQs or PARs I review. I also acknowledge, 
accept and agree that I will not use or reveal personal information to anyone except for the purposes stated 
herein. 

I further acknowledge that by virtue of this appointment, I am bound by the provisions of the Privacy Act (5 U.S. 
Code 552a), including its criminal penalties for wrongful disclosure of information contained in protected 
records. I have been informed that PSQs, SQs and PARs are records protected by the Privacy Act. 



Signature and Date 



Appointing Official 



Signature and Date 



Typed Name and Title 



SAP Format 25, “Agent of the Government (Oath),” Jan 1998 PREVIOUS EDITIONS ARE OBSOLETE 



(CLASSIFY AS APPROPRIATE WHEN FILLED IN) 






(CLASSIFY AS APPROPRIATE WHEN FILLED IN) 

FOREIGN CONTACT FORM 

To: 

From: 

Name: 

Social Security Number 
Instructions: 

• Please answer the following questions listed below to the best of your ability. 

• For further information or questions, contact Program Security. 

1. Full name of Non-U.S. citizen contact: (include maiden name or aliases if appropriate. If 
possible, provide name in both English and Native language characters.) 

2. Date of Birth (or approximate age if DOB is unknown), place of birth (city, country): 

3. Citizenship: 

4. Current address: 

5. Occupation/Employer: 

6. Known since/how did you meet: 

7. Last contact date/plans for future contact: 

8. Description of type of relationship: 
Employee Number:
Telephone Number:

NOTE: If responding “YES” on questions below, please provide details in the remarks section at the bottom of this form.

9. YES □ NO □ Are you aware of any known political/military/intelligence activities of the contact or their relatives?

10. YES □ NO □ Is this contact witting of your Government involvement? (If yes, please note how and why)

11. YES □ NO □ Do you have any relatives or friends from the same country as the contact?

12. YES □ NO □ Did the individual ask what type of work you do? What was your response?

13. YES □ NO □ Did the contact express an interest in any topics or technologies?

14. YES □ NO □ Did you discuss your involvement in U.S. Government related activities?

15. YES □ NO □ Did the contact offer to arrange any special treatment for you?

16. YES □ NO □ Did the contact offer to pay for anything (i.e., meals, gifts)?

17. YES □ NO □ Have you received any gifts from this person?

18. YES □ NO □ Did you exchange business cards, telephone numbers or addresses? (Please attach a copy to this form)


COMMENTS: 


*Notice: The above information is protected by provisions of the Privacy Act, 5 U.S.C. 552a. You are hereby advised that authority for soliciting your Social Security Account Number
(SSAN) is Executive Order 9397. Your SSAN will be used to identify you precisely when it is necessary to certify that you have access to the information indicated above. Although 
disclosure is not mandatory, your failure to do so may impede certification or determinations. 
DESIGNATION AND COURIER INSTRUCTIONS

A. Maintain constant custody of the material from receipt until delivery. Never allow the material out of your sight or physical contact. 

B. Place all material in a locked briefcase of normal appearance or a strong, locked carry-on bag. Based on the volume of material, use 
additional couriers as necessary (a minimum of two couriers is required for Top Secret; one for Secret and below).

C. Do not schedule an overnight stop. Remain in the airport terminal if a connecting flight is part of your itinerary.

D. Do not consume alcoholic beverages. 

E. Pre-plan travel routes. Include alternate routes. In unfamiliar areas, mark and use maps. 

F. Transiting airport security checkpoints: 

1. Before departure, obtain a courier authorization letter. Do not show this letter to airport security unless specifically asked. Also 
military or company ID cards when asked. 

2. When two couriers are used, one courier passes through the checkpoint and waits for the second courier to transfer the package
through the x-ray machine. The second courier passes through the checkpoint after material has been received by the first courier.

3. Only open your briefcase if airport security asks you to do so. 

4. If airport security asks you to open the document package, produce your courier letter and identification card. Inform security 
personnel that you are couriering classified data and that the package cannot be opened. If security personnel do not accept this 
explanation, contact the Airport Security Manager and explain the situation. 

5. If airport security, Airport Security Managers, airline officials, or anyone insists on opening the document package, refuse and 
cancel your trip. 

G. Emergency situations: 

1. In case of any en route emergency or if paragraph F5 applies, immediately contact your Security Officer. After
receiving such notification, Activity and Contractor Security Officers must immediately contact the Program Security Officer. 

2. In the event of a skyjacking, do not reveal your courier assignment. Use common sense. Do not attempt to hide the material or 
dispose of it. Leave it in your briefcase. If anyone insists on opening your briefcase, do not argue or physically attempt to stop 
them. Notify Airport Security Managers on your release as soon as possible. 

3. If a bomb threat occurs while you are on board an aircraft, present your courier letter and identification card to Customs, FAA, 
or Federal agents. Explain your situation and permit x-ray or electronic scanning. If any of these officials insist on opening the 
sealed document package, ask that they do so in a segregated area, away from other individuals or passengers. Remain with them 
when the package is opened. After the search is completed, obtain the names, agency, and telephone numbers of the searching 
individuals. Immediately supply this information to your Security Manager. NOTE: Security officials will defensively debrief 
these individuals as necessary. Do not conduct the debriefings yourself. 

4. If you are forced to abandon a trip because of failure to make connections, sickness, etc., keep the material in constant personal 
contact. If a motel is required, rent only one room for the two-person courier team (if male-female team, rent adjoining rooms). 
Have meals delivered to the room. Contact the Security Manager for instructions and possible locations where the material may 
be taken and deposited. 

5. If there is a vehicle mishap en route, e.g. a breakdown or accident, contact the Security Manager at both your departure and 
destination points. Explain the general nature and importance of your business travel to law enforcement officials. Display your 
courier letter and identification card. If these officials insist on opening the document package or seizing it, do not physically 
resist. Obtain names, badge numbers, and telephone numbers, and ask to talk to superior officers. Explain the situation to the 
superiors and ask them if they will allow you to put them in contact with the Program Security Officer. If conditions warrant, one 
of the couriers should remain with the vehicle, while the other travels the shortest distance possible to obtain assistance. 
H. If you arrive at your destination after working hours, make prior arrangements to secure the material in an approved SAP facility. If
you are delayed or unable to reach your contact at the destination point, notify your Security Manager. If you are unable to contact the
Security Manager at either the delivery or departure point, proceed to the facility or activity and attempt to obtain telephone numbers of 
persons you positively know are program-accessed. Ask them to assist you in contacting security personnel. Do not leave your package with 
non-accessed personnel or within non-program areas. As a last resort, keep the material within your control. 

I. Be cautious while in telephone booths, public restrooms, cafeterias, and similar areas to ensure that your briefcase is not switched or 
stolen. Stay out of these areas as much as possible. While on board the aircraft, place your briefcase under the seat in front of you; do not 
place it in the overhead storage compartment. 

J. Always require and obtain a receipt for the material at the point of departure and point of origin. 



ENDORSEMENT 

I have read the instructions above and will fully comply with these instructions. I understand the seriousness of this
mission and am aware of the extreme detrimental effects on the national security that would result should the material
I am couriering be compromised. I further understand that should my negligence result in a compromise or loss,
disciplinary action may be taken. I am aware that transmission or revelation (by loss or any method) of this information
to unauthorized persons could subject me to prosecution under the Espionage Law (U.S. Code, Title 18, Sections 793,
794, and 798) or other applicable statutes and, if convicted, could result in up to a 10-year sentence in prison or a
$10,000 fine, or both.



Name of courier (1) (Type or Print) 


Signature of Courier (1) 


Date 


Name of courier (2) (Type or Print) 


Signature of Courier (2) 


Date 


Name of Security Officer (Type or Print) 


Signature of Security Officer 


Date 
TECHNOLOGY TRANSFER REQUEST



TO: 



SUBJECT: Technology Transfer Request - Number

(Unique numbering system to your organization, e.g., USA-001-01)



1. ( ) References: 



(Any previous communications regarding this tech-transfer) 



2. ( ) Request that the following material be technology-transferred from the ____ (Di/Tri-Graph) program
administered by the ____ (Organization) to the ____ (Di/Tri-Graph) program administered by the ____ (Organization)



CONTROL NUMBER    ITEM TITLE (Be Specific)    TYPE MEDIA (Doc, Hdwe, Disk, etc)    CLASSIFICATION    DATE OF ITEM    DATA RIGHTS































































3. ( ) Justification / Purpose of Tech-Transfer: 



DERIVED FROM: 

DECLASSIFY ON: 

SOURCE DATED: PAGE of
SUBJECT: Technology Transfer Request - Number



4. ( ) Points of Contact Information (Name/Phone # of applicable Technical, Security and Contracts individual for 

each SAP affected): 



5. ( ) Details of Redaction / Sanitization (Show how and when the items being tech-transferred will be sanitized / 

remarked and list who exactly will perform the task): 



NOTE: In addition to the redacting / sanitization described above, all material authorized for tech- 
transfer under this agreement shall be prominently marked with the following statement(s), as 
appropriate. These notice(s) shall be placed conspicuously on the cover pages of documents and the 
internal pages of media; also, on the outside of media and hardware: 



REQUIRED ON ALL:

THIS ITEM HAS BEEN TECHNOLOGY-TRANSFERRED FROM A PREVIOUS SPECIAL ACCESS PROGRAM (Tech-transfer # ____ applies). TO FURTHER DISSEMINATE OR RECLASSIFY, YOU MUST CONTACT THE FOLLOWING SECURITY OFFICER:

(Name, telephone number of Security Officer to whom the item has been tech-transferred to)

REQUIRED ON GOVERNMENT TO IR&D PROJECTS:

DEVELOPED OR GENERATED UNDER U.S. GOVERNMENT CONTRACT.

6. ( ) Special Instructions: 

a. ( ) Upon signing this technology-transfer request 

(Organization/Program that will receive the transfer) 

assures that appropriate classification guidance and procedures are in place within their 
pertinent Program Security Classification Guide relative to the security requirements governing 
this technology being transferred. 



PAGE of 
SUBJECT: Technology Transfer Request - Number

b. ( ) agrees not to reclassify, downgrade or further 

(Organization/Program that will receive the transfer) 

technology-transfer this material without the written approval of the 

(Organization releasing the item(s)) 

c. ( ) Should any infraction, violation or compromise occur with the materials stated herein, 

every effort shall be made by the to notify the 

(Organization/Program that will receive the transfer) 

Program Office Program and Security Managers immediately. 

(Organization releasing the item(s)) 

d. ( ) Consideration (List any considerations made in this technology-transfer): 



TECHNICAL SIGNATURES SECURITY SIGNATURES 



(Name/Title/Signature of “Releasing” Technical Authority) (Name/Title/Signature of “Releasing” Security Manager)

(Name/Title/Signature of “Receiving” Technical Authority) (Name/Title/Signature of “Receiving” Security Manager)

(Name/Title/Signature of Contracting Officer — if applicable)



PAGE of
TECHNOLOGY TRANSFER LOG

CONTROL NUMBER    TECH-TRANSFER DATE    SHORT UNCLAS DESCRIPTION OF TRANSFER    FROM (DI/TRI-GRAPH to DI/TRI-GRAPH)    POC TELEPHONE/OFFICE    REMARKS









Standard Form 86 Certification 



Form Approved: 
OMB No. 3206-0005 



Follow instructions fully or we cannot process your form. Be sure to sign and date the certification 
statement on page 2. If you have any questions, call the office that gave you the form. 



The Standard Form 86 (SF 86), Questionnaire for National Security Positions, is completed by persons 
performing, or seeking to perform, national security duties for the Federal Government. The SF 86 is 
used by the Office of Personnel Management and by other Federal agencies to initiate the background 
investigation required to determine placement in national security positions in accordance with 42 U.S.C. 
2165, 22 U.S.C. 2585, E.O. 10450, Security Requirements for Government Employment, issued April 27,
1953, and E.O. 12968, Access to Classified Information, issued August 2, 1995. There are many
situations where individuals are required to fill out a new SF 86 when the sole purpose is to determine if 
any information on a previously executed SF 86 has changed. This requires extensive work by the 
individual even if nothing has changed. The SF 86C is a certification document that allows the reporting 
of changes in previously reported information on the SF 86. This certification will be in lieu of completing 
a new SF 86 and will allow the individual to indicate that there have been no changes in the data provided 
on the most recently filed SF 86. Or it will allow the individual to easily provide new or changed 
information. No investigation will be initiated based solely on the execution of this form. 

Your Social Security Number (SSN) is needed to keep our records accurate, because other people may 
have the same name and birthdate. Public Law 104-134 (April 26, 1996) asks Federal agencies to use 
this number to help identify individuals in agency records. Giving us your SSN or any other information is 
voluntary. However, if you do not give us your SSN or any other information requested, we cannot 
process your application. Incomplete addresses and ZIP Codes may also slow processing. 

Privacy Act Statement

Solicitation of this information is authorized by Executive Orders 10450 and 12968 and 5 CFR 732. The 
U.S. Government conducts background reinvestigations to establish that individuals continue to be 
eligible for positions involving national security or special nuclear information or material. We may share 
this information with other Federal agencies; Congress (when requested); a court of competent jurisdiction,
news media and the general public when the disclosure would be in the public interest and would
not constitute an unwarranted invasion of privacy; public authorities responsible for enforcing, investigating
or prosecuting violations of statute, rule, regulation or order (except as noted in Question 24 on the
SF 86); and, in compliance with the National Security Act of 1947, the CIA Act of 1949, Executive Order 
12333, and other such acts as may be promulgated. If you do not supply the requested information, the 
processing of your investigation may stop and any clearances or access you have may be terminated. 

Public Burden Statement

We think this form takes an average 15 minutes to complete, including the time for reviewing instructions, 
getting the needed data, and reviewing the completed form. Send comments regarding our estimate or any 
other aspect of this form, including suggestions for reducing completion time, to the U.S. Office of Personnel 
Management, OPM Forms Officer, Paperwork Reduction Act (3206-0005), Washington, D.C. 20415-7900. 

The OMB Number 3206-0005 is currently valid. OPM may not collect this information, and you are not required
to respond, unless this number is displayed. Do not send your completed form to this address.



INSTRUCTIONS: PLEASE TYPE OR LEGIBLY PRINT YOUR ANSWERS IN BLACK INK. Referencing information 
contained in your most recent Standard Form 86 (SF 86), Questionnaire for National Security Positions, (OMB No. 
3206-0005), or information disclosed upon the date of your last background investigation, complete this Form. All 
questions on this Form must be answered. Any changes that you make to this Form after you sign it must be initialed 
and dated by you. The U.S. Criminal Code (Title 18, section 1001) provides that knowingly falsifying or concealing a 
material fact is a felony which may result in fines of up to $10,000 and/or 5 years imprisonment, or both. 

Do not provide information you have already provided on your most recent SF 86. Any Yes responses under 
Blocks 2 and/or 3 must be explained in Block 4. If additional space is needed, use a blank piece of paper. Each blank 
piece of paper must contain your name, date, and Social Security Number at the top of the page. Conclude by 
certifying the accuracy of your answers in Block 5, the Certification Note. You may request an interview with a 
government security officer/agent if you have questions pertaining to Blocks 2 and 3. Contractors shall inform 
employees that this Certification Form may be completed in private and returned to security personnel in a sealed 
envelope. It is IMPORTANT that you keep your most recent Standard Form 86 and a COPY of this certification 
form in your personal records file for immediate retrieval. 

















Full Name (Last, First, Middle, Maiden) 


Social Security Number (SSN) 


Date of Birth (mm/dd/yyyy) 


Place of Birth 


Telephone 

Numbers 


Work 


Home 


E-mail 



[ ] STOP! Check this box if you wish to consult with a government security officer before completing Blocks 2 and/or 3. 
Block 2 • -1 1 of the Standard Form 86' 



Instructions: The following Sections, noted in Blocks 2 and 3, correlate with your SF 86. If you report no change to a Section, 
place an "X" in the No box. If there is a change to report, place an "X" in the Yes box. All Yes answers must be explained under 
Block 4, Explanation/Remarks. 



Yes 


No 








Section 5. (Other Names Used) 
Section 6. (Other Identifying Information, Height/Weight/Hair/Eye/Sex M-F) (Not Applicable) 
Section 7. (Telephone Numbers) (Provide under Block 1, above) 
Section 8. (Citizenship) 
Section 9. (Where You Have Lived) 
Section 10. (Where You Went To School) 
Section 11. (Your Employment Activities) 
Section 12. (People Who Know You Well) (Not Applicable) 
Section 13. (Your Spouse) 
Section 14. (Your Relatives and Associates) 
Section 15. (Citizenship Of Your Relatives and Associates) 
Section 16. (Your Military History) 
Section 17. (Your Foreign Activities) 
Section 18. (Foreign Countries You Have Visited) 
Section 19. (Your Military Record) 
Section 20. (Your Selective Service Record) (Not Applicable) 
Section 21. (Your Medical Record) 
Section 22. (Your Employment Record) 
Section 23. (Your Police Record) 
Section 24. (Your Use of Illegal Drugs and Drug Activity) 
Section 25. (Your Use Of Alcohol) 
Section 26. (Your Investigations Record) 
Section 27. (Your Financial Record) 
Section 28. (Your Financial Delinquencies) 
Section 29. (Public Record Civil Court Actions) 
Section 30. (Your Association Record) 



Before each answer, identify the Standard Form 86 section number associated with your answer. For example, if you have had 
a change of residence, place a 9, and then list your new address. 




[ ] Check this block if additional comments are attached. Place your name, date, and SSN at the top of each page. 

[ ] STOP! Please check this block if your SF-86, Questionnaire for National Security Positions, is attached. 




I certify that the above information includes all changes to my most recent Standard Form 86, dated __________, 
or since my last investigation, dated __________ (per instruction from your sponsor, note only one date). 
Changes, if any, are explained under Block 4. I make this certification to the best of my knowledge and belief, and I 
sign this Note in good faith. I understand that a knowing and willful false statement on this Certification Form can be 
punished by fine or imprisonment or both. (See United States Code, Title 18, Section 1001). 
Appendix G 
Retention Guidelines 



(This guidance should be applied when the regulations of the 
CSA do not provide retention requirements for SAP records.) 



| IF RECORDS ARE OR PERTAIN TO | CONSISTING OF / WHICH ARE | MAINTAINED BY | DISPOSITION / DESTROY |
|---|---|---|---|
| Security Officer Appointments | Letters, Approvals, Forms | All | Destroy When Replaced or Superseded |
| Plans | Emergency Procedures, Security Operating Instructions, Tests, Manufacturing, etc. | Contractor; PMO; PSO | Upon Termination of Program; Forward to PSO; One Year After Program Termination |
| Training Records | Security Education Attendance, Computer Listings, and SAP Format 17 | All | When Individual is Deaccessed |
| Exercise Reports | Of Emergency Plans and Guard Responses | All | Destroy After Two Consecutive Reviews |
| EMSEC Reports | Surveys | All | Destroy When Facility Becomes Unoccupied |
| Adverse Information Reports | Required by NISPOM/NISPOM Sup or Other Gov’t Directives | All | Destroy Five Years After Individual is Deaccessed |
| Contract Security Classification Specifications | DD Forms 254 | Contractor; PSO; PMO | Destroy Five Years After Contract is Completed; Destroy Five Years After Contract is Completed; Retain Permanently |
| Visits | Visitor Requests, SAP Formats 7, 7L | All | Destroy After One Year |
| | Visitor Logs | | Destroy After Seven Years |
| Accreditations | Of Program Facilities which Include Facility Checklists and Open Storage Authorizations | Contractor; PSO | Destroy When Facility Becomes Superseded or Unoccupied; Destroy One Year After Decertification |
| Waivers | Security Criteria, SAP Format 12 | Contractor; PSO/PMO | Destroy When Program is Terminated; Destroy Five Years After Program is Terminated |
| Alarm Test Records | AF Forms 2530 | All | Destroy After One Security Review Cycle |
| Document Control Records | Receipts; Mail Receipts/Logs | All | Destroy After Five Years; Destroy After Two Years |
| | Master Document Listings | | Destroy When Superseded or No Longer Needed |
| | Destruction Certificates | | Destroy after five years |
| | Top Secret Registers/Control Records | | Destroy five years after register closed |
| Access Approvals | Received From Program Office | Contractor; PSO/PMO | Attach to PAR; Destroy Five Years After Program is Terminated |
| Access Lists | Information Copies; Master Copy Prepared by Originator | PSO/PMO; All | Destroy When New List is Received; Destroy After Five Years |
| Audit Reports | Top Secret Inventories; Top Secret Computer Audits | All | Destroy Two Years After Completed or After PSO Inspection, Whichever is Later; Destroy After One Security Review Cycle |
| Briefing Statements (SAP Formats 2 and 2a, if applicable) | Including Pre-Briefings, Indoctrinations and Debriefings | Contractor; PSO/PMO | Forward to PSO Upon Debriefing; Destroy Five Years After Program is Terminated, or IAW Agency Directives |
| Foreign Travel Reports | SAP Format 6 | All | Destroy Five Years After Program is Terminated |
| Inadvertent Disclosure Statements | SAP Format 5 | All | Destroy Five Years After Program is Terminated |
| Program Access Requests (PAR) - (SAP Formats 1 and 1a if applicable) | Approved for Access; Disapproved for Access | All; Contractor; PSO/PMO | Destroy After Five Years; Destroy Upon Receipt of Disapproval; Forward to Adjudicator Who Retains Permanently |
| Request to Transfer Documents to Another Program | Approved | PSO/PMO; Contractor | Destroy After Five Years; Destroy When Associated Documents Are Destroyed |
| Security Policy | Directive or Provide Interpretation | Contractor; PSO/PMO | Destroy One Year After Program is Terminated; Retain Permanently |
| Security Review Reports (SAP Format 19) on Checklists | Annual Self-Review; Reviews Conducted by PSO; Subcontractor Reviews | All; Contractor; PSO/PMO; Contractor | Destroy After One Year, But Maintain at Least Two Reports; Destroy After Three Years; Destroy After Five Years; Destroy After Five Years |
| Top Secret Access Records | AF Forms 144 or Equivalent | All | Destroy Two Years After Corresponding Document is Destroyed |
| Inspection Reports | After Duty Hour Inspections and Safe Check Records | All | Destroy at End of Each Month |
| | Entry/Exit Checks | | Destroy After PSO Inspection |
| Subcontractor Documentation | Requests to Contact Including SAP Format 13 | Contractor; PSO/PMO | Destroy One Year After Program is Completed; Destroy One Year After Program is Terminated |
| | Trip Reports | All | Destroy Two Years After Trip is Made |
| Security Classification Guides | Master Copies | PSO/PMO; Contractor | Retain Permanently; Destroy One Year After Program is Terminated |
| Technical Security Countermeasures Surveys | Including SAP Format 8 | All | Destroy After Next Report is Received |
| Inquiries | Security Violations | All | Destroy After Two Years |
| Investigations | Compromises/Suspected Compromises/Document Losses | All | Destroy Five Years After Program is Terminated |
| Recurring Reports | SAR Program Contract Security Report | All | Destroy After One Year |
| | Subcontractor Status Reports (SAP Format 11) | Contractor; PSO/PMO | Destroy One Year After Program is Terminated; Destroy After Three Years |
| SATRAN Reports | | All | Destroy When No Longer Needed |
| Program Management Directives | | PMO | Retain Permanently |
| Courier Designations | | All | Destroy After One Year |
| Communication Requests | Secure Comm/FAX - (SAP Format 10) | Contractor; PSO | Destroy One Year After Equipment is Installed; Destroy Five Years After Program is Terminated |
| Circle (A, B) Investigations | Logs of Same | Contractor | Destroy One Year After Program is Terminated |
| Personnel Security Investigations | DDFM 1879/SF 86 | All | Destroy When Individual is Deaccessed |
| Memorandums of Understanding (MOU)/Memorandums of Agreement (MOA) | By Government Agencies | Contractor; PSO | Destroy When Facility is No Longer Used; Destroy Five Years After Program is Terminated |
| Building Checks | Conducted by Guards | Contractor | Destroy After One Year |
| Reports of Espionage, Sabotage, or Subversion | | All | Retain Permanently |
| Reports of Hostile Contacts | | All | Retain Permanently |
| Shipment Tampering Reports | | All | Destroy One Year After Program is Terminated |
| Media Information Attempts | Including Releases (Approved/Non-approved) | All | Destroy Five Years After Program is Terminated |
| Classification Changes | | Contractor; PSO/PMO | Destroy After Information is Included in Security Classification Guide; Retain Permanently |
| Requests for Top Secret Reproduction | | All | Incorporated into Document Control Records |
| Threats/Threat Assessments | Provided by Government Investigative Agencies | All | Destroy when Threat is Eliminated or After Five Years, Whichever is Sooner |
| Program Termination | Associated Documentation | Contractor; PSO/PMO | Destroy Five Years After Program is Terminated; Retain Permanently |
| Listing of Names, Codes and Convenience Numbers | | All | Destroy Five Years After Program is Terminated |
Appendix H 

HANDLE VIA SPECIAL ACCESS CHANNELS ONLY 

1. General. The purposes of Handle Via Special Access Channels Only 
(HVSACO) are: 

1.1. To preclude the disclosure of Critical Program Information and 
general program-related information outside established 
acknowledged and unacknowledged Special Access Program 
(SAP) channels. 

1.2. To minimize Operations Security (OPSEC) indicators. 

1.3. To facilitate communication of information within SAPs. 

2. Use of HVSACO. Dissemination of information warranting HVSACO 
protection will be limited to persons briefed into a SAP and retained 
within SAP approved channels. Formal SAP indoctrination or execution 
of briefing/debriefing forms specifically for HVSACO is not required. 

The term SAP channels denotes secure, approved SAP communications 
systems, Special Access Program Facilities (SAPFs), or PSO-approved 
SAP storage areas. HVSACO is not a classification level, but rather a 
protection or handling system. Its use is optional. Examples of 
HVSACO uses may include: 

2.1. For general non-program specific communications between and 
within SAPs. More specifically, on information related to SAP 
security procedures, test plans, transportation plans, 
manufacturing plans, and notional concepts related to research, 
development, testing, and evaluation of SAPs. 

2.2. When a paragraph or document contains information that is 
unique to a SAP and its distribution. 

2.3. When necessary to protect relationships. 

2.4. To protect information that does not warrant classification under 
E.O. 12958. 

2.5. When using a SAP nickname for an unacknowledged SAP. 

3. Release. Upon request for public release, the originator of the material 
must review the material involved to determine whether to retain it 
within program channels: 

3.1. If public release is appropriate, remove the HVSACO marking from 
the document, or 

3.2. Inform the requestor of the decision not to release the information, 
citing an appropriate authority. 

4. Training. Training on HVSACO should be included in annual security 
awareness refresher sessions. 

5. Marking. Procedures for the use of HVSACO should be included in 
Program Security Classification Guides. 
6. Storage. Materials warranting HVSACO protection may be stored 
openly or placed in desks, lock-bar containers, or similar storage 
containers within an approved SAPF. PSOs may grant an exception to 
allow the taking of unclassified HVSACO materials to alternate 
temporary storage areas, provided the material is under an 
appropriately authorized individual's direct control, or under "key lock 
protection" which is controlled by that individual. 

7. Transmission. 

7.1. At a minimum, use U.S. First Class mail for shipment of 
unclassified materials requiring HVSACO protection. 

7.2. Use the secure mode when discussing HVSACO protected 
material on the telephone (STU/STE). 

7.3. Use only approved, secure facsimile equipment when transmitting 
HVSACO protected material. 

7.4. Do not transmit HVSACO protected material via unclassified 
e-mail. 

8. Reproduction. Reproduce unclassified HVSACO protected information 
only on equipment approved by the PSO. 

9. Accountability. HVSACO protection does not require accountability. 
Document accountability is based on classification level or unique 
program requirements. Document control numbers, entry into 
document control systems, or internal or external receipts are not 
required for unclassified HVSACO protected material. 

10. Destruction. Destroy HVSACO protected information according to the 
procedures approved for classified material. Destruction certificates 
are not required for non-accountable HVSACO protected materials. 

11. Improper Handling or Misuse. Based on an assessment of the OPSEC 
risk, notify the PSO within 24 hours of any possible improper handling 
or misuse of HVSACO protected information and its impact. An inquiry 
should be conducted by the facility security manager to determine if a 
compromise occurred as a result of practices dangerous to security. 
The PSO will ensure that prompt corrective action is taken on any 
practices dangerous to security. When classified information is 
involved, follow the procedures in paragraph 1-301. 

12. Removal of HVSACO markings. Contact the originating office for 
permission to remove HVSACO markings. 
Appendix I 

Inspection Readiness Planning 



Background. Current and emerging international treaties and agreements 
to which the United States is, or will be, a signatory, impact a variety of 
DoD installations, facilities, sites and activities. This may include facilities 
that house DoD Special Access Programs (SAPs). Although the likelihood 
that a SAP Facility (SAPF) may be inspected will vary from site to site, all 
facilities should plan for inspection readiness. In order to determine the 
impact of international agreements at or in the vicinity of SAP sites and 
information, it is necessary to understand individual treaty provisions as 
they relate to the degree of intrusiveness allowed for an on-site inspection. 
Also, in order to effectively protect DoD equities, a risk assessment should 
be carried out to identify the sensitivities involved - exactly what 
information or processes need to be protected from the threat posed by the 
mere presence of foreign inspectors, as well as uncleared U.S. Government 
personnel. A close look should be taken at what security countermeasures 
should be adopted, and what procedures should be developed for 
implementing these countermeasures on a timely basis prior to inspection. 

The Process. Preparing for an inspection incorporates many aspects of 
the ongoing Operations Security (OPSEC) process. Traditionally the 
OPSEC process denies adversaries information about capabilities or 
activities by identifying, controlling, and protecting generally unclassified 
evidence or information on the planning and execution of sensitive 
operations or activities. OPSEC considers the changing nature of threats, 
vulnerabilities and operational and activity phases of a plan, operation, 
program, activity or project to identify vulnerabilities and determine 
appropriate countermeasures. Aspects of this approach are applicable to 
preparing for an inspection as well. 

The protection of critical information is the objective of inspection 
planning. In this case, "critical information" is that which, if obtained by a 
foreign inspector, could result in the compromise of national security, 
undesired technology transfer, or loss of proprietary information. Each 
site where a SAP is located should determine precisely what critical 
information it has on hand and whether there are any obvious indicators 
that could lead to compromise of the SAP information. Size, shape, 
substance, and program operation are just a few of the factors that should 
be taken into account when trying to determine what is on site that could 
disclose valuable information. 

It is necessary for SAPFs located on declared inspection sites to 
understand specific treaty provisions, rights and obligations. All other 
SAPFs (i.e., not located on declared treaty sites) must realize they can still 
be inspected during an on-site challenge-type inspection. Treaty 
provisions provide for verification activities that could include data 
declarations or exchanges, imaging overflights, on-site inspection (with its 
own range of activities), consultations, or confidence- and 
security-building measures. Knowing these provisions in advance will provide the 
ability to construct and put in place the proper security countermeasures. 

Each treaty affords inspectors certain rights and obligations during the 
inspection process, and it is crucial to be aware of these rights and how 
they can impact on SAPF security. Such rights may include access to 
buildings, structures, records, and personnel interviews; visual 
observation; measuring and weighing; sampling and analysis; and 
photography. Treaties also obligate inspectors to conduct their activities 
with minimal intrusion or operational impact, and to consider proposals to 
alter certain aspects of the inspection when requested by the facility or 
organization hosting the inspection team. Program managers and program 
security managers should be provided implementation guidance and 
direction from their SAP central office to become aware of rights such as 
these, and learn what measures legally can be adopted to counteract the 
inspection team's requests, when providing alternate means to demonstrate 
compliance. 

Once site-specific critical information has been determined, and the 
treaties have been examined to determine their potential impact in the 
event of an inspection, the final phase of readiness planning should be to 
identify appropriate countermeasures and methods of implementation. It is 
especially important to do this BEFORE notification of an inspection is 
received, in order to allow enough time for the measures to be put in place. 
Countermeasures should be selected based on factors such as feasibility, 
ease of implementation, proposed effectiveness, and overall cost. They 
might include basic procedural changes, deception, perception 
management, physical security measures, and intelligence 
countermeasures - anything that will reduce the inspection teams' 
collection capabilities. 

Conclusion. This is a brief overview of some issues to be aware of when 
conducting inspection readiness planning; it is by no means 
comprehensive, nor should it serve as the only point of reference. As 
noted in the DoD Overprint to the NISPOM Supplement, Chapter 11, Section 
7, there are several resources available to program and site managers 
through their DoD SAP Central Offices to assist in preparing for a possible 
visit. However, this hopefully will serve to familiarize readers with a 
snapshot of what is expected of them, and what is necessary to protect 
vital SAP information and U.S. national security interests. 
Appendix J 

Security Review Checklist 

This Security Review Checklist should be used as discussed in paragraph 1-207, Chapter 1, 
Section 2, when conducting self inspections. Each checklist should be marked, top and 
bottom, with "CONFIDENTIAL (When Filled In) SPECIAL ACCESS REQUIRED - 
", with the appropriate derivation and declassification instructions. 



SECURITY COMPLIANCE ITEMS 

YES NO N/A 

TOP SECRET ACCOUNTABILITY 

1. After initial distribution, is Top Secret material only reproduced with 
specific approval of the PSO? (DoD Overprint, para 5-601) 

2. Is Top Secret material that has been reproduced subject to the same 
protection as the original document? (DoDD 5200.1-R, para 6-402e and 
NISPOM, para 5-601c) 

3. Is a record of Top Secret reproduction maintained and retained for at 
least 2 years? (NISPOM, para 5-603) 

4. Are disclosure (access) records that identify persons given access to 
the information and the date of disclosure maintained and attached to 
Top Secret documents? (DoD Overprint, para 5-201a(2)) 

5. Are document accountability records, which show individual 
responsibility, maintained for Top Secret information? 

(NISPOM, para 5-203a) 

6. Are inventories of Top Secret material conducted at least annually and 
upon change of custodians? (DoDD 5200.1-R, para 6-300c and 
NISPOM, para 5-203a) 

7. Is Top Secret material transmitted only by authorized means? 

(DoDD 5200.1-R, para 7-101 and NISPOM, para 5-402) 

PROGRAM SECURITY MANAGEMENT 

1. Is the security officer knowledgeable of SAP procedures and 
requirements? (NISPOM, para 1-201) 

2. Is the security staff sufficiently manned to provide adequate and prompt 
management, supervision and guidance? (DoDD 5200.1-R, para 1-201b 
and NISPOM, para 1-202) 

3. Are subcontractors or sub-units properly managed? (NISPOM, chapter 
7) 

4. Are in-depth self-reviews conducted and documented, and are adequate, 
prompt corrective actions initiated when deficiencies are noted? 
(NISPOM, para 1-207b) 

SECURITY INCIDENT MANAGEMENT 

1. Are security incidents reported? (NISPOM Sup, para 1-301a) 

2. Are corrective actions taken sufficient to prevent recurrence? (NISPOM, 
para 1-303c(3)) 

3. Is a PSO-approved sanitized report sent to DIS when individual 
responsibility for a security violation can be determined? 
(NISPOM, para 1-304c) 

COMPUTER SECURITY 

1. Is unclassified media and hardware controlled? (DoD Overprint, para 
8-500) 

2. Is classified media and hardware controlled? (DoD Overprint, 
para 8-500) 

3. Are audit trails being collected and reviewed for anomalies? (DoD 
Overprint, para 8-303c) 

4. Are the storage and the transmission process of the AIS sufficiently 
protected to prevent loss or compromise of classified material? (DoD 
Overprint, paras 8-400, 8-501d) 

5. Have key computer security program requirements such as ISSR 
appointment, AISSP approvals, etc., been complied with? (DoD 
Overprint, para 8-101a, b) 

PERSONNEL SECURITY 

1. Do all program briefed personnel possess the appropriate personnel 
security investigations? (NISPOM Sup, para 2-201) 

2. Are program personnel properly indoctrinated? (DoDD 5200.1-R, para 
9-201 and NISPOM Sup, para 3-101a) 

3. Are personnel security packages sent to the CAO for adjudication for 
those personnel who do not meet 1st or 2nd Tier guidelines and are 
awaiting initial SAP access? (AQL Policy) 

4. Do accessed persons possess a need to know and materially contribute 
to the program? (NISPOM Sup, para 2-201a) 

SECURITY EDUCATION 

1. Are program personnel aware of program security requirements? (DoDD 
5200.1-R, para 9-100 and NISPOM Sup, para 3-100) 

2. Are program personnel knowledgeable of, and do they apply, the correct 
classifications to classified material? (DoDD 5200.1-R, paras 9-401, 
9-402 and NISPOM, para 4-102) 

3. Are program personnel aware of their responsibility to report adverse 
information? (NISPOM, para 1-300) 

SECURITY EDUCATION REMARKS 

SECURITY MANAGEMENT 

1. Has a SAP Contractor Program Security Officer (CPSO) been 
designated? (DoD Overprint, para 1-200) 

2. Does the CPSO have the position, responsibility, knowledge and 
authority commensurate with the degree of security support required of 
that organization? (DoD Overprint, para 1-200) 

3. Has the PSO been notified, in writing, of the initial nomination of the 
CPSO and any subsequent changes (NISPOM Sup, para 1-200) and has 
the PSO approved the appointment? (DoD Overprint, para 1-200) 

4. Has the PSO approved Fraud, Waste, Abuse and Corruption reporting 
channel program been implemented? (DoD Overprint, para 1-208) 

5. Does the CPSO possess a security clearance and program access at 
least equal to the highest level of program classified information 
involved? (DoD Overprint, para 1-200b1) 

6. Are security violations and improper handling of classified information 
incidents reported to the PSO within 24 hours and through proper 
program channels? (DoD Overprint, para 1-303a) 

7. Are security infractions documented and made available for review by 
the PSO during visits? (DoD Overprint, para 1-301a2) 

8. Are personnel that have had unauthorized or inadvertent access to 
classified SAP information given an Inadvertent Disclosure Oath for 
their signature? (DoD Overprint, para 1-301b) 

9. Has current classification guidance been issued and is it being adhered 
to? (DoD Overprint, para 4-103) 

10. Are all challenges to SAP classified information and/or material 
forwarded through the CPSO to the PSO for clarification? (DoD 
Overprint, Chap 4, Sec 1) 



















11. Has the contractor developed a self-review program to assess their 
security systems on an annual basis and are they in sufficient detail to 
discover non-compliance to applicable directives? (DoD Overprint, para 
1-206e) 

12. Have deficiencies identified during Cognizant Security Agency (CSA) 
Reviews and Contractor Self-Reviews been corrected? (DoD Overprint, 
para 1-200b5) 

13. Does the CPSO submit reports to the PSO when required? (DoD 
Overprint, para 1-300) 

14. Are waivers avoided and requested only when necessary in the best 
interest of the Government? (DoD Overprint, para 1-106) 

15. Are waiver requests fully justified, including adequate compensatory 
measures and are detailed procedures written? Are all waivers 
submitted in writing through and coordinated by the PSO and approved 
by the appropriate level of security management? (DoD Overprint, para 
1-106) 

SECURITY MANAGEMENT REMARKS 



SECURITY PLANNING 

1. If required, have Standard Operating Procedures (SOP) been developed 
to implement/supplement the security policies and requirements for 
each program? (DoD Overprint, para 1-201) 

2. Are changes to the SOP made in a timely fashion and reported to the 
PSO as they occur? (DoD Overprint, para 1-201) 

3. Has the SOP and any changes been approved by the PSO? (DoD 
Overprint, para 1-201) 

4. Are SOPs for program facilities/areas, tests, transportation, and handling 
submitted to the PSO at least 30 days in advance of the planned activity? 

(DoD Overprint, para 1-201c) 

5. Have Memorandums Of Agreement or Understanding (MOAs or MOUs) 
and Co-utilization Agreements been established between different CSAs 
prior to sharing a SAPF? (DoD Overprint, para 5-800) 

6. Has the badging system been approved as part of the SOP, and have 
detailed procedures been included (e.g., documenting the badge 
approach, addressing badge accountability, storage, inventory, 
disposition, destruction, format, use, etc.)? (DoD Overprint, para 1-202) 

7. If considered necessary, has the badging system been implemented 
when over 25 people have been accessed to the SAPF? (DoD Overprint, 
para 1-202) 

8. When the condition warrants, has a TSCM been requested for the 
approval or reaccreditation of facilities? (DoD Overprint, para 5-806 and 
para 11-500) 

9. Are OPSEC plans/surveys accomplished to define and provide 
countermeasures to vulnerabilities when contractual provisions require? 

(DoD Overprint, para 11-400) 

10. Is an OPSEC orientation given to newly assigned personnel? (DoD 

Overprint, para 11-400) 

11. Is OPSEC included in annual refresher training? (DoD Overprint, para 
11-400) 

12. When retention of SAP classified documents is required, is permission 
requested of the contracting officer? (DoD Overprint, para 5-701 & 
11-301) 

13. Are EMSEC standards adhered to when required? (DoD Overprint, para 
11-100) 

14. Are telephone security requirements of DCID 6/9 adhered to? (DoD 
Overprint, para 11-703) 

SECURITY PLANNING REMARKS 



PERSONNEL SECURITY 

1. Are initial program indoctrinations of employees conducted only after 
access is approved by the PSO? (DoD Overprint, para 2-201g-i) 

2. Is the activity reporting to the PSO adverse information, foreign travel, 
etc., that may affect the person’s ability to protect program information? 
(DoD Overprint, para 1-300) 

3. Are only people that materially and directly contribute given program 
access? (DoD Overprint, para 2-201a) 

4. Is SAP Format 2 “Special Access Information Agreements” or DD Form 
2836 (and when required a SAP Format 2a "Special Purpose Access 
Information Agreements") signed prior to briefing an individual approved 
for access? (DoD Overprint, para 2-201i(1)) 

5. Do individuals processed for program access meet the prerequisite 
personnel clearance and/or investigative requirements, as verified by 
review of the DCII, LOC, etc? (DoD Overprint, para 2-201b) 

6. Do the CPM and the CPSO coordinate on the Program Access Request 
(PAR), SAP Format 1, or on DD Form 2835, for contractor personnel 
nominated for program access before sending the PAR to the 
Government for approval? (DoD Overprint, para 2-201c) 

7. Does the CPSO review the PAR for accuracy, local records check (for 
disqualifying information) and ensure all required signatures are present 
before sending the PAR for approval? (DoD Overprint, para 2-201 c and d) 

8. Does the PAR package that is sent to the government contain the signed 
PAR and a copy of the nominee’s PSQ, signed within the last 90 days? 
(DoD Overprint, para 2-201 f) 

9. Are Letters Of Compelling Need (LOCN) submitted when required by the 
PSO? (DoD Overprint, para 2-201 e) 

10. Are changes in employee status reported to the PSO? (DoD Overprint, 
para 1-300c) 

11. Is program access granted only after receipt of PSO/Government 
notification of approval? (DoD Overprint, para 2-201 g(3)) 

12. Is all information that affects baseline facility clearance, and incidents of 
personnel security clearance nature, forwarded to the CSA (e.g., DSS for 
contractors, AFSCO for USAF civilians and military members, etc.)? 
(DoD Overprint, para 1-300) 

13. Are access rosters of program briefed personnel continually reviewed, 
reconciled for discrepancies and submitted to the Government Program 
Office semi-annually? (DoD Overprint, para 2-206) 

14. Does the access roster contain the name of the individual, organization, 
position, billet number (if applicable), level of access, SSAN, grade and 
security clearance information? (DoD Overprint, para 2-206) 

15. Is foreign travel and foreign contact reported to the CPSO (and/or to the 
PSO), and are all reports maintained in the individuals' personnel files 
for the life of the contract? (DoD Overprint, paras 1-300e & f and 1-302) 

16. Are current Tier guidelines followed for the adjudication of personnel 
security packages? (Applicable Organizational Directives/Policy) 





















PERSONNEL SECURITY REMARKS 


DOCUMENT ACCOUNTABILITY 


1. Does the CPSO conduct an annual inventory of accountable classified 
material? (DoD Overprint, para 5-202) 

2. Are the results of that annual inventory and any discrepancies reported, 
in writing, to the PSO? (DoD Overprint, para 5-202) 

3. Has the contractor developed a system that enables control of SAP 
classified information and Unclassified/HVSACO information? (DoD 
Overprint, para 5-200) 

4. Has a SAP classified information control system, separate from regular 
collateral accountability, been established? (DoD Overprint, para 5-201) 

5. Is Top Secret information accounted for? (DoD Overprint, para 
5-201 a(1)) 

6. Is Top Secret information entered into formal accountability when either 
a) generated, b) received, c) dispatched or, d) within 30 days for working 
papers? (DoD Overprint, para 5-201 a and 5-204c) 

7. Has a Top Secret Control Official (TSCO) been designated to receive, 
transmit and maintain access and accountability records for TS 
material? (NISPOM, para 5-203a) 

8. Is the transmission of Top Secret information covered by a continuous 
receipt system both within and outside the facility? (NISPOM, para 
5-203b) 

9. Is each accountable document or material assigned a document control 
number and a copy number? (DoD Overprint, para 5-201 a(1)) 

10. Are external receipts and dispatch records executed and maintained for 
a two-year period? (NISPOM, para 5-202) 

11. Are classified working papers dated when created, marked with the 
overall classification, marked with the annotation “WORKING PAPER”, 
and destroyed when no longer needed? (NISPOM, para 5-205b) 

12. Do engineer’s notebooks NOT include drafts of correspondence, reports 
or other materials? (DoD Overprint, para 4-202) 

13. When bound engineer’s notebooks are used, are the pages 
pre-numbered and controlled as one document? (DoD Overprint, para 
5-206c) 

14. When 3-ring binders are used as engineer’s notebooks, is a table of 
contents filled out to ensure completeness? (DoD Overprint, para 
5-206b) 

15. Is the engineer notebook’s outer cover and first page marked with the 
highest classification level contained in the notebook? (NISPOM Sup, 
para 4-202) 

16. Is public release of SAP information not authorized without written 
permission from the Government? (NISPOM Sup, para 5-500) 

DOCUMENT ACCOUNTABILITY REMARKS 

MARKING 

1. Is all classified material marked to show the name and address of the 
facility responsible for its preparation and the date of preparation? 
(NISPOM, para 4-202) 

2. Is the highest level of classified information contained in a document 
conspicuously marked; at the top and bottom, on the front cover, title 
page (if any), first page, and on the outside of the back cover? (NISPOM, 
para 4-203) 

3. Are interior pages of classified documents conspicuously marked at the 
top and bottom with the highest classification of information appearing 
thereon? (NISPOM, para 4-205) 

4. Is the annex, appendix, or similar components of documents marked as 
a separate document? (NISPOM, para 4-205) 

5. Is each section, part, paragraph or similar portion of a classified 
document marked to show the highest level of its classification, or that 
the portion is unclassified? (NISPOM, para 4-206) 

6. Are subjects and titles of classified documents marked as to the 
classification of that subject or title? (NISPOM, para 4-207) 

7. Are all classified documents marked to reflect the source of 
classification, downgrading/declassification instructions on the first 
page, cover, title page, or in another prominent position? (NISPOM, para 
4-208) 

8. Are folders, binders, envelopes and other items containing classified 
documents, when not in secure storage, conspicuously marked with the 
highest classification of any classified item included therein? (NISPOM, 
para 4-209) 

9. Are microform containers marked with the highest level of classification 
of any item contained therein? (NISPOM, para 4-210c) 

10. Are transmittal documents marked with the highest classification level 
of information contained therein and with an appropriate notation to 
indicate its classification when enclosures are removed? (NISPOM, para 
4-211) 

11. Are coversheets applied to SAP documents when documents are 
created or distributed? (DoD Overprint, para 4-203) 

12. Are code words NOT printed on coversheets? (DoD Overprint, para 
4-203) 

MARKING REMARKS 



REPRODUCTION 

1. Has the PSO or CPSO approved the reproduction equipment (copiers, 
printers, facsimile machines with copy capability, etc.) that reproduces 
program material? (DoD Overprint, para 5-600) 

2. Has the CPM/CPSO prepared written reproduction procedures? (DoD 
Overprint, para 5-600) 

3. Are reproduced copies of classified documents subject to the same 
protection as the original document? (NISPOM, para 5-601 c) 

4. Is a record maintained for all reproduction of accountable material for a 
two-year period? (NISPOM, para 5-603) 

5. Is permission to reproduce obtained from the PSO before reproduction 
of Top Secret information? (DoD Overprint, para 5-601) 

6. Is reproduction equipment (classified and unclassified) in program areas 
under the constant surveillance of personnel responsible for enforcing 
the reproduction rules? (DoD Overprint, para 5-600) 

7. Has a notice indicating if equipment can or cannot be used for 
reproduction of classified material been posted? (DoD Overprint, para 5- 
600) 

8. Is only the minimum number of program documents, photographs, 
drawings, viewgraphs, videotapes, etc., reproduced to meet contractual 
or operational requirements? (NISPOM, para 5-600) 

9. Is SAP material reproduced outside of the SAPF? (DoD Overprint, para 
5-600) 

REPRODUCTION REMARKS 



DISPOSITION AND RETENTION 

1. Are two program briefed personnel destroying accountable classified 
program material? (DoD Overprint, para 5-702) 

2. Are destruction records being accomplished for accountable classified 
program material, including computer media, immediately upon 
destruction? (DoD Overprint, para 5-707) 

3. Are destruction certificates properly annotated and signed by both of the 
individuals completing the destruction immediately after destruction is 
completed? (DoD Overprint, para 5-702 and 707) 

4. Does destruction of program material preclude recognition or 
reconstruction of the classified information or material? (NISPOM, para 
5-700) 

5. Are destruction records retained in accordance with the DoD Overprint 
Appendix G? (DoD Overprint, para 5-701) 

6. Is classified waste safeguarded as required for the level of classified 
material involved? (NISPOM, para 5-708) 

7. Are receptacles utilized to accumulate classified waste clearly marked to 
identify it as containing classified waste? (NISPOM, para 5-708) 

8. Has the PSO approved destruction procedures? (DoD Overprint, para 5- 
703) 

9. Is all classified waste destroyed within 30 days, including computer 
disks? (DoD Overprint, para 5-704) 

10. Has a system been established to review classified holdings on a 
recurring basis to reduce these classified inventories to the minimum 
necessary for effective and efficient operations? (NISPOM, para 5-700b) 

11. If a follow-on contract has been issued, has a request for the retention 
of materials been submitted to the contracting officer through the PSO 
for materials that are required to support the follow-on? (DoD Overprint, 
para 5-701) 

DISPOSITION AND RETENTION REMARKS 

PHYSICAL SECURITY 

1. Has the CPSO established a SAPF and received the PSO’s accreditation 
before commencing work or storing SAP material? (DoD Overprint, para 
5-800) 

2. Has an accreditation checklist (e.g., DCID 6/9, Annex A, Fixed Facility 
Checklist) been completed and approved by the PSO? (DoD Overprint, 
para 5-800) 

3. Is a random sampling system of inspections being conducted on all 
persons who enter and exit a program facility? (NISPOM, para 5-103) 

4. Is classified material stored in approved security containers, an 
approved vault, or approval granted for open storage, by the PSO, in a 
closed area? (NISPOM, para 5-302) 

5. Is Secret and Confidential material stored in the same manner as TS or in 
a safe, steel file cabinet or safe-type steel file container which has an 
automatic locking mechanism? (NISPOM, para 5-303 and 304) 

6. If a steel file cabinet is used, does it have four sides, top and bottom 
permanently attached by welding, rivets or peened bolts, and secured by 
a rigid metal lock bar and an approved lock? (NISPOM, para 5-303b) 

7. Are security containers locked when not under the direct supervision of 
an authorized person entrusted with the contents? (NISPOM, para 5- 
308b) 

8. Are persons without program access escorted at all times by an 
authorized person where inadvertent or unauthorized exposure to 
classified information cannot be effectively prevented? (NISPOM, para 
5-306 and DoD Overprint 6-100) 

9. Is the SAPF protected by an intrusion detection system IAW DCID 6/9? 
(NISPOM, para 5-307) 

10. When guards are used to protect a SAPF, is the schedule of patrol 2 
hours for TS material and 4 hours for Secret material? (NISPOM, para 5- 
307b) 

11. Is a minimum number of persons having knowledge of combinations 
maintained? (NISPOM, para 5-308a) 

12. Is a record of the names of persons having knowledge of combinations 
maintained? (NISPOM, para 5-308a) 

13. Are combinations safeguarded in accordance with the highest 
classification of the material authorized for storage in the container? 
(NISPOM, para 5-308c) 

14. Are combinations changed when a) initially used, b) termination/access 
revocation of an employee having knowledge of the combination or, c) 
the compromise or suspected compromise of the combination 
(unattended safes included)? (NISPOM, para 5-309) 

15. Are prohibited items such as cameras and recording devices not 
allowed to enter SAPFs? (DoD Overprint, para 5-807) 

16. Have DCID 1/21 construction standards been applied when technology 
and the threat to that technology warrant? (DoD Overprint, para 5-802a) 

17. Are SAPF areas constructed with true floor to true ceiling drywall 
construction and STC requirements in accordance with DCID 6/9, Annex 
E? (DoD Overprint, para 5-802b) 

PHYSICAL SECURITY REMARKS 



ACCESS CONTROL 

1. Is a visit certification received prior to all program visits? (DoD 
Overprint, para 6-100) 



2. Does the GPM or PSO or their designated representative approve all 
visits between program activities (Exception: Prime visiting Subs)? 
(DoD Overprint, para 6-100) 

3. Are twelve-month certifications not authorized unless approved, in 
writing, by the PSO? (DoD Overprint, para 6-100) 

4. Are visit requests only sent via approved channels? (DoD Overprint, 
para 6-101) 

5. Has an ID badge system been established and approved by the PSO 
when personal identification checks are unreasonable? (DoD Overprint, 
para 1-202) 

6. Does the CPSO/FSO or their designated representative immediately 
notify all recipients of a cancellation or termination of a visit request? 
(DoD Overprint, para 6-102) 

7. Is an official photograph identification used for identifying visitors? 
(DoD Overprint, para 6-103a) 

8. Does the host CPSO contact the visitor’s CPSO by secure means to 
inform him/her of the visitor’s plan to hand-carry classified information? 
(DoD Overprint, para 6-103d) 

9. Do non-program briefed visitors sign in on a visitor’s record? (DoD 
Overprint, para 6-105) 

10. Do program briefed visitors sign in on a separate visitor’s record? (DoD 
Overprint, para 6-106) 

11. Is a warning device employed when announcing uncleared personnel in 
the program area? (DoD Overprint, para 6-100b) 

12. Is access to the SAPF controlled by a cleared employee or by 
supplanting access control device or system? (NISPOM, para 5-306) 

ACCESS CONTROL REMARKS 



TRANSMISSION 

1. Is classified SAP information electronically transmitted only on 
approved secure communication channels authorized by the PSO? 
(DoD Overprint, paras 1-203 & 5-403) 

2. Is the appropriate warning notice added to all classified program or 
program related material on the inner container when transmitting 
material outside the program facility? (DoD Overprint, para 4-204) 

3. Is classified information NOT discussed over unsecure telephones, in 
public conveyances or places, or in any manner that permits 
interception by unauthorized persons? (NISPOM, para 5-101) 

4. Are only program briefed personnel designated to receive US Registered 
Mail, USPS Express Mail, US Certified Mail or material delivered by 
messenger? (DoD Overprint, para 5-404) 

5. Are discrepancies noted in the contents of transmitted classified 
packages reported promptly to the sender? (NISPOM, para 5-204) 

6. Are opaque inner and outer covers used when transmitting program 
material outside the facility? (NISPOM, para 5-401 a) 



7. Is classified program material prepared, reproduced and packaged by 
program briefed personnel in an approved SAPF? (NISPOM Sup, para 5- 
401) 

8. Are detailed courier instructions provided to couriers when hand- 
carrying SAP material? (DoD Overprint, para 5-402) 

9. When couriering SAP material, are travel anomalies reported to the 
PSO/CPSO as soon as practical? (DoD Overprint, para 5-402) 

10. Has a US Postal mailing address been acquired, with no company 
affiliation, to transmit program material by postal means? (DoD 
Overprint, para 5-404) 

11. Has a suspense system been established to track transmitted 
documents until a signed copy of the receipt is returned? (NISPOM, 
para 5-401 b and DoD Overprint, para 5-401) 

12. Has written authorization been received, through the PSO or designee, 
to transmit TS information outside the facility? (NISPOM, para 5-402) 

13. Does the PSO approve all courier of SAP material via commercial 
aircraft? (DoD Overprint, para 5-402) 

14. Before any hardware movement of program assets, has a transportation 
plan been developed and PSO approved? (DoD Overprint, para 5-400) 

15. Is a courier authorization letter provided to the individual hand-carrying 
SAP material? (DoD Overprint, para 5-402a) 

TRANSMISSION REMARKS 

AUTOMATED INFORMATION SYSTEMS 

MANAGEMENT 

1. Has an AIS Security Policy been published and promulgated that 
accurately addresses the classified processing environment? (DoD 
Overprint, paras 8-101a1 and 8-700a) 

2. Has a configuration management program been established that 
incorporates all AIS processing customer information? (DoD 
Overprint, para 8-101a(3)) 

3. Has an ISSR been formally designated to support either the program or 
the SAPF? (NISPOM, para 8-102b, DoD Overprint, para 8-100a, 8-101a) 

4. Is the ISSR fully aware of his/her responsibilities? (DoD Overprint para 
8-101, page 8.1.2) 

5. Has the ISSR established a formal AIS Security program to ensure 
compliance with the NISPOM and DoD Overprint? (DoD Overprint, para 
8-101b(2)) 

6. Has the ISSR been authorized “Special Approval Authority”, is it 
specific to an individual and NOT further delegated? (DoD Overprint, 
para 8-101c) 

7. Are MOAs in place for all systems supporting multiple customers? (DoD 
Overprint, para 8-101b(2)(h), 8-102f) 

8. Is all security documentation current and customer approved? (DoD 
Overprint, para 8-700b) 

a. AISSP (NISPOM, para 8-200a, 8-403b,c; DoD Overprint, para 8-102b, 
8-400e) 

b. If formal written approval has not been received as outlined above, 
has an Interim Approval To Operate (IATO) been received? (DoD 
Overprint, para 8-102d) 

c. Physical Accreditation & Open Storage Approval 

d. Processing Approval 

e. Certification Report 

f. MOA if applicable 

9. Have ALL individuals received initial and annual/recurring awareness 
training covering AIS security requirements identified in the DoD 
Overprint, para 8-700c, and agreed in writing to abide by those 
requirements? (DoD Overprint, para 8-700c) 

10. Have deficiencies (to include noted discrepancies) from past Security 
Review(s) been corrected? (DoD Overprint, para 8-103) 

AISSP & SYSTEM APPROVALS 

11. Have ALL AIS processing classified been accredited in writing by the 
CSA before processing is started? (NISPOM, para 8-200a) (DoD 
Overprint, para 8-102) 

12. Has certification of each AIS been properly completed and a report 
submitted to the customer? (DoD Overprint, para 8-102c(1)) 

13. Have AIS security requirements been applied to ALL AIS in the SAP 
areas regardless of the processing level of the system? (DoD Overprint, 
para 8-100a) 

14. Are special procedures for the collocation of classified and unclassified 
computers (or systems processing different levels/compartments) 
documented by the ISSR in the AISSP and approved by the customer? 
(NISPOM, para 8-305d, e; DoD Overprint, para 8-302a) 

15. Are all unclassified systems clearly marked and physically separated 
from classified systems? (DoD Overprint, para 8-302b) 

16. Does the customer specifically approve portable systems and have 
specific procedures been implemented for conducting security reviews 
of the devices? (DoD Overprint, para 8-101c(3), 8-302c) 

17. Are personally owned AIS prohibited in SAP areas? (DoD Overprint, 
para 8-302c) 

18. Has all test equipment used in the secure area been evaluated by the 
ISSR for the existence of nonvolatile memory and has approval been 
received from the customer to utilize equipment that permanently retains 
information? (DoD Overprint, para 8-601) 

PHYSICAL SECURITY CONTROLS 

19. Are physical security controls adequate to prevent unauthorized access 
to the AIS (i.e., properly cleared, secured, downgraded, and/or 
continuously protected) upon termination of processing? (NISPOM, para 
8-300a and d) 

20. Are all AIS processing classified in an unattended fashion maintained in 
Closed Areas and approved by the customer? (NISPOM, para 8-300c; 
DoD Overprint, para 8-301 b) 

ACCESS CONTROLS 

21. Are audit trails appropriate for the approved mode of operation? 
(NISPOM, para 8-203; DoD Overprint, para 8-201 c, 8-202b(1)(c), 8-203b(6)) 

22. Has an approved DoD Logon Warning Banner been installed on ALL 
AIS? (DoD Overprint, para 8-300e) 

23. Are User IDs properly controlled/immediately disabled when 
Need-to-know has been terminated? (NISPOM, para 8-305a; DoD 
Overprint, para 8-300a) 

24. Are disabled accounts (or their equivalent “User Files”) removed from 
the system as soon as practical? (DoD Overprint, para 8-300a) 

25. Are system logon passwords properly defined, managed and 
controlled? (NISPOM, para 8-305b; DoD Overprint, para 8-300b) 

26. Are Group log-on(s) passwords used as a primary means of 
authentication? (DoD Overprint, para 8-300c) 

27. Do all unclassified systems with external connectivity have removable 
media devices such as floppy disks disabled or locked? (DoD Overprint, 
para 8-501) 




28. Are unclassified support computers such as e-mail and file servers 
periodically evaluated for the presence of Classified/HVSACO/FOUO 
material (“dirty word search”)? (DoD Overprint, para 8-501) 

DATA STORAGE MEDIA & SOFTWARE CONTROLS 

29. Are ALL files, media and software approved for use, acquired from 
authorized sources, and checked for viruses before being loaded, copied 
or installed on systems in the SAPF? (DoD Overprint, para 8-500a) 

30. Has the ISSR developed procedures for controlling, reviewing and 
approving files, media and software brought into the SAPF, either 
manually or electronically, and included these procedures in the AISSP? 
(NISPOM, para 8-301 b; DoD Overprint, para 8-500a,b,c) 

31. Are write-protection methods tested and verified functional at least once 
each session? (NISPOM, para 8-301 c; DoD Overprint, para 8-500b) 

32. Is unclassified vendor supplied maintenance/diagnostic software 
controlled as classified or protected at the level of the system it is used 
on? (NISPOM, para 8-301 h, 8-306f; DoD Overprint, para 8-600c) 

33. Is all storage media, including unclassified media maintained in the 
secure area, labeled in human-readable form and controlled at the 
appropriate level? (NISPOM, para 8-302b, c; DoD Overprint, para 8-500b, 
8-501 a) 

34. Do data storage media markings include a means of identifying a 
responsible individual? (DoD Overprint, para 8-501 a) 

35. Are procedures for reutilization and/or destruction of data storage media 
completed properly (i.e., sanitized prior to release)? (NISPOM, para 8- 
302g; DoD Overprint, para 8-501 d) 

36. Have all users received training in data review and file transfer 
procedures? (DoD Overprint, para 8-501 c) 

37. Has each AIS related security incident, anomaly or virus incident been 
investigated by the ISSR and reported to the customer within the 
required timeframe? (NISPOM, para 8-301 i; DoD Overprint para 
8-101b(2)(k) and (l), 8-303c and 8-500a) 

38. Has virus detection software been installed on ALL applicable systems 
both classified and unclassified in the program area? (DoD Overprint, 
para 8-500a) 

39. Is virus detection software maintained with up to date virus definition 
files (most detection software is updated monthly)? (DoD Overprint, 
para 8-500a) 

40. Is all hard copy and magnetic media produced on dedicated or System 
High systems protected at the level of the system until properly 
reviewed? (NISPOM, para 8-302h; DoD Overprint, para 8-201 b(4)) 

AUDIT RECORDS 

41. Do all systems operating in the System High mode utilize automated 
audit trails? (DoD Overprint, para 8-202b(1)(c)) 

42. Are audit records maintained for system maintenance, software 
changes, upgrade/downgrade actions, sanitization/declassification and 
use of seals? (NISPOM, para 8-303a; DoD Overprint, para 8-303a and b) 

43. Are audit records reviewed and annotated weekly or as specified in the 
AISSP? (NISPOM, para 8-303b; DoD Overprint, para 8-303c) 

44. Are audit records retained for the period specified by the customer (not 
to exceed 12 months or until reviewed)? (NISPOM, para 8-303c; DoD 
Overprint, para 8-303d) 

45. Are automated audit trails used whenever available? (DoD Overprint, 
para 8-201 d) 

MAINTENANCE 

46. Are all maintenance personnel cleared OR escorted at all times by 
technically knowledgeable, briefed, ISSR approved individuals? 
(NISPOM, para 8-306a; DoD Overprint, para 8-600-b) 

47. Is ALL maintenance performed inside the SAPF or are electronic 
components and boards containing memory properly evaluated, 
controlled, and sanitized (based on the type of memory involved) prior to 
release from the secure area (IAW customer approved procedures)? 
(DoD Overprint, para 8-600b,c,d) 

48. Is an unclassified copy of the operating system maintained in the secure 
facility, properly controlled, exclusively for maintenance activities? 
(DoD Overprint, para 8-500d, 8-600c(1)) 

49. Is the use of remote diagnostic links restricted to exceptional 
circumstances AND has it been approved at the appropriate customer 
level? (DoD Overprint, para 8-600c(4)) 

50. Are procedures for extracting unclassified data from classified media 
established and approved by the customer (either in the AISSP or in a 
separate document)? (DoD Overprint, para 8-501 c) 

DATA MOVEMENT 

51. Does the AISSP contain procedures for moving classified media 
between approved facilities? (DoD Overprint, para 8-501 c(2)) 

52. Are transaction records maintained as required for electronic transfers 
of information between AIS? (DoD Overprint, para 8-400g) 

AUTOMATED INFORMATION SYSTEMS REMARKS 



SECURITY EDUCATION 

1. Has an aggressive, on-going security education program been 
developed? (DoD Overprint, para 3-108a) 

2. Have security training and briefings been specifically tailored to the 
unique security requirements of the program? (NISPOM Sup, para 3-100) 

3. Does the SAP specific security training include? (NISPOM Sup, para 3- 
100) 

a. Security requirements unique to SAPs? 

b. Protection of classified relationships? 

c. Operations Security (OPSEC)? 

d. Use of nicknames and code words? 

e. Use of special transmission methods? 

f. Special test range security procedures? 

g. Procedures for unacknowledged SAP security (if any)? 

h. Specific procedures to report Fraud, Waste, Abuse and Corruption? 

i. Automated Information Systems Security as outlined in the DoD 
Overprint, para 8-700c? 

j. Writing unclassified personnel appraisals and reviews 

k. Third party introductions 

4. Has a program specific initial indoctrination been developed? (DoD 
Overprint, para 3-101a) 

5. Does every individual accessed to a SAP receive an initial 
indoctrination? (DoD Overprint, para 3-101) 

6. Does every accessed person receive an annual refresher briefing and 
on-going specialized training that contains a minimum of those elements 
outlined in the DoD Overprint, paragraph 3-103? (DoD Overprint, para 
3-103) 

7. Is a record maintained documenting refresher training? (DoD Overprint, 
para 3-103) 

8. Are individuals debriefed when it is determined that access to SAP 
information is no longer required? (DoD Overprint, para 3-104) 

9. Do these individuals sign a termination agreement? (DoD Overprint, 
para 3-104c) 

10. Does the debriefing include? (DoD Overprint, para 3-104) 

a. Reaffirmation of the original NDA? 

b. Advise of the continuing sensitivity of SAP information? 

c. Verify the return of any SAP classified material? 

d. Discuss the reason for the debriefing? 

e. Emphasize that the termination does not terminate the individual’s 
responsibilities to protect SAP information? 

f. Reaffirm the continued applicability of appropriate statutes? 

g. Request comments and recommendations regarding program 
security? 

h. Provide a POC to report any incidents in the future that might affect 
the security of the program? 

11. Are administrative debriefings used when attempts to locate an 
individual with program access, by phone or mail, are not successful? 
(DoD Overprint, para 3-105a,b,c) 

12. Are ISSRs properly trained and have the appropriate skills to perform 
their job? (DoD Overprint, para 3-101b) 

13. Are all persons who are responsible for and access computers aware of 
proper operational and security-related procedures? (DoD Overprint, 
para 3-100i) 

14. Is computer security refresher training conducted at least annually? 
(DoD Overprint, para 3-100i) 

15. Are foreign travel briefings given annually or before travel, whichever is 
earlier? (DoD Overprint, para 3-107) 

16. Do personnel attending international conferences and symposia receive 
a defensive briefing? (DoD Overprint, para 3-108b) 

SECURITY EDUCATION REMARKS 



CONTRACTING 

1. Does the prime contractor review PARs submitted by subs and concur 
before forwarding the PAR to the government? (DoD Overprint, para 2- 
201 g(4)) 

2. The prime contractor does NOT open the PSQ packages sent by the 
subcontractors? (NISPOM Sup, para 2-201 g(4)) 

3. Do all contractors (prime and sub) have valid facility clearances to the 
level of classified information involved in their work, and has that been 
verified in coordination with the PSO? (DoD Overprint, para 7-101) 

4. Has the storage capability level and access level to classified been 
verified in coordination with the PSO? (DoD Overprint, para 7-101) 

5. Is subcontractor program access pre-coordinated with the PSO? (DoD 
Overprint, para 7-102) 

6. When approved by the PSO, does the prime contractor CPSO provide 
program indoctrinations and obtain NDAs from the subcontractors? 
(DoD Overprint, para 7-102) 

7. Has a security requirements agreement been prepared that specifically 
addresses those enhanced security requirements that apply to the 
subcontractor? (DoD Overprint, para 7-102) 

8. Does the security requirements agreement include all required items: 
(DoD Overprint, para 7-102) 

9. Do contractors submit waiver requests through their primes, on SAP 
Format 12? Does the prime validate all such waivers are absolutely 
necessary and justified by signing the REVIEWING OFFICIAL block? 
Does the prime forward all such waivers to the Government PSO for 
approval? (DoD Overprint, para 1-106) 

10. The prime contractor representative does NOT act as Team Chief when 
conducting security reviews of subcontractors? (DoD Overprint, para 1- 
206c) 

11. Has a DD Form 254 been prepared for each subcontractor or 
consultant? (DoD Overprint, para 4-103a) 

12. Has the PSO approved all DD Form 254s for Subcontractors? (DoD 
Overprint, para 4-103d) 

CONTRACTING REMARKS 



RESPONSE FORCE 

1. Does the response force respond to alarms at closed storage SAPFs 
within 15 minutes? (DCID 6/9, Annex B, para 5.2.1) 

2. Does the response force respond to alarms at open storage SAPFs 
within 5 minutes? (DCID 6/9, Annex B, para 5.2.1) 

3. Do response force personnel remain at the scene until released by the 
CPSO or his/her designated representative? (DoD Overprint, para 5- 
805b) 

4. Are guards properly trained and post instructions adequate, available 
and appropriate? (DCID 6/9, Annex B, para 5.2.2) 

5. Are guard personnel properly equipped, to include adequate 
communications? (DCID 6/9, Annex B) 

6. Are alarms installed, maintained and monitored by US citizens who have 
been subjected to a trustworthiness determination? (DCID 6/9, Annex B, 
para 5.3) 

7. Are guard personnel or local emergency authorities interviewed to their 
extent of exposure when they inadvertently gain access to program 
areas? (DoD Overprint, para 1-301b(1)) 

RESPONSE FORCE REMARKS 



SPECIAL EMPHASIS ITEM 




TA 